6 matches found

NVD
added 2026/06/10 6:17 p.m., 14 views

CVE-2026-46642

draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.12, a crafted .drawio file can execute arbitrary JavaScript in the editor's origin when the file is opened. The vulnerability is not in the label sanitizer which works correctly on the rendering path but in...

CVSS: 6.1, EPSS: 0.00221
Exploits: 1, References: 2

Vulnrichment
added 2026/06/10 5:42 p.m., 8 views

CVE-2026-46642 draw.io: XSS via crafted cell label when opening a .drawio file

draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.12, a crafted .drawio file can execute arbitrary JavaScript in the editor's origin when the file is opened. The vulnerability is not in the label sanitizer which works correctly on the rendering path but in...

CVSS: 6.1, AI score: 5.9, EPSS: 0.00221
Exploits: 1, References: 2

EUVD
added 2026/06/10 5:42 p.m., 11 views

EUVD-2026-36077

draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.12, a crafted .drawio file can execute arbitrary JavaScript in the editor's origin when the file is opened. The vulnerability is not in the label sanitizer which works correctly on the rendering path but in...

CVSS: 6.1, AI score: 5.9, EPSS: 0.00221
Exploits: 1, References: 2

CVE
added 2026/06/10 5:42 p.m., 29 views

CVE-2026-46642

CVE-2026-46642 affects draw.io prior to 29.7.12. A crafted .drawio file can execute arbitrary JavaScript in the editor’s origin when opened. The root cause is a feature-detection routine in the Text Format panel that reads the raw cell label and assigns it to a detached element’s innerHTML withou...

CVSS: 6.1, AI score: 5.9, EPSS: 0.00221
Exploits: 1, References: 2, Affected Software: 1

Positive Technologies
added 2026/06/10 12:0 a.m., 16 views

PT-2026-48502

Name of the Vulnerable Software and Affected Versions draw.io versions prior to 29.7.12 Description A crafted .drawio file can execute arbitrary JavaScript in the editor's origin when opened. The issue exists in a feature-detection routine within the Text Format panel that reads the raw cell labe...

CVSS: 6.1, AI score: 5.8, EPSS: 0.00221
Exploits: 1, References: 5

CNNVD
added 2026/06/10 12:0 a.m., 9 views

draw.io cross-site scripting vulnerability

Draw.IO is an open-source configurable charting and whiteboard application. Versions of Draw.IO prior to 29.7.12 had a cross-site scripting vulnerability. This vulnerability occurred because the feature detection routine in the Text Format panel did not clean up the original cell labels, allowing...

CVSS: 6.1, AI score: 5.4, EPSS: 0.00221
Exploits: 1, References: 1