2 matches found
CVE-2022-1575 Arbitrary Code Execution through Sanitizer Bypass in jgraph/drawio
Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18.0.0. - Arbitrary remote code execution in the desktop app. - Stored XSS in the web app...
CVE-2022-1575
CVE-2022-1575 affects JGraph Draw.io (jgraph/drawio) including the desktop and web apps, due to a sanitizer bypass in the core library. The underlying issue is a mutation XSS in the sanitizer (Graph.sanitizeHtml), enabling arbitrary code execution in the desktop app and stored XSS in the web app....