233 matches found
CVE-2023-3973
Cross-site Scripting XSS - Reflected in GitHub repository jgraph/drawio prior to 21.6.3...
CVE-2023-3398
Denial of Service in GitHub repository jgraph/drawio prior to 18.1.3...
CVE-2023-3974
OS Command Injection in GitHub repository jgraph/drawio prior to 21.4.0...
CVE-2022-2015
Cross-site Scripting XSS - Stored in GitHub repository jgraph/drawio prior to 19.0.2...
CVE-2022-1815
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.1.2...
CVE-2022-1730
Cross-site Scripting XSS - Stored in GitHub repository jgraph/drawio prior to 18.0.4...
CVE-2022-3148
Cross-site Scripting XSS - Generic in GitHub repository jgraph/drawio prior to 20.3.0...
CVE-2022-3223
Cross-site Scripting XSS - Stored in GitHub repository jgraph/drawio prior to 20.3.1...
CVE-2022-3127
Cross-site Scripting XSS - Stored in GitHub repository jgraph/drawio prior to 20.2.8...
CVE-2022-3065
Improper Access Control in GitHub repository jgraph/drawio prior to 20.2.8...
CVE-2022-3138
Cross-site Scripting XSS - Generic in GitHub repository jgraph/drawio prior to 20.3.0...
CVE-2022-3133
OS Command Injection in GitHub repository jgraph/drawio prior to 20.3.0...
CVE-2022-1727
Improper Input Validation in GitHub repository jgraph/drawio prior to 18.0.6...
CVE-2022-1767
Server-Side Request Forgery SSRF in GitHub repository jgraph/drawio prior to 18.0.7...
CVE-2022-1723
Server-Side Request Forgery SSRF in GitHub repository jgraph/drawio prior to 18.0.6...
CVE-2022-1774
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.0.7...
CVE-2022-1721
Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio prior to 18.0.5. Read local files of the web application...
CVE-2022-1784
Server-Side Request Forgery SSRF in GitHub repository jgraph/drawio prior to 18.0.8...
CVE-2022-1713
SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information...
CVE-2022-1722
SSRF in editor's proxy via IPv6 link-local address in GitHub repository jgraph/drawio prior to 18.0.5. SSRF to internal link-local IPv6 addresses...