4 matches found
CVE-2022-3148
creationtimestamp| type| source ---|---|--- 2022-09-08 14:15:03+00:00| seen| https://t.me/cibsecurity/49449...
CVE-2022-3148 Cross-site Scripting (XSS) - Generic in jgraph/drawio
Cross-site Scripting XSS - Generic in GitHub repository jgraph/drawio prior to 20.3.0...
CVE-2022-3148 Cross-site Scripting (XSS) - Generic in jgraph/drawio
Cross-site Scripting XSS - Generic in GitHub repository jgraph/drawio prior to 20.3.0...
CVE-2022-3148
CVE-2022-3148 describes a Cross-site Scripting (XSS) vulnerability in JGraph Draw.io (GitHub: jgraph/drawio) prior to version 20.3.0. The issue arises from how the application processes the use tag with dompurify, enabling an XSS payload to bypass CSP in some scenarios (e.g., a crafted SVG refere...