Lucene search
K

202 matches found

CNNVD
CNNVD
added 2022/09/02 12:0 a.m.6 views

JGraph draw.io 安全漏洞

JGraph draw.io is a configurable chart/whiteboard visualization application from JGraph. A security vulnerability exists in JGraph draw.io versions prior to 20.2.8, which stems from the proxy url parameter not being rate-limited...

7.5CVSS6.2AI score0.01017EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2022/06/09 5:15 p.m.5 views

CVE-2022-2014

Code Injection in GitHub repository jgraph/drawio prior to 19.0.2...

9.6CVSS6.9AI score0.00698EPSS
Exploits1References3
NVD
NVD
added 2022/06/09 5:15 p.m.22 views

CVE-2022-2014

Code Injection in GitHub repository jgraph/drawio prior to 19.0.2...

9.6CVSS0.00698EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/06/09 5:15 p.m.4 views

CVE-2022-2015

Cross-site Scripting XSS - Stored in GitHub repository jgraph/drawio prior to 19.0.2...

6.1CVSS6.3AI score0.00607EPSS
Exploits1References3
NVD
NVD
added 2022/06/09 5:15 p.m.23 views

CVE-2022-2015

Cross-site Scripting XSS - Stored in GitHub repository jgraph/drawio prior to 19.0.2...

6.1CVSS0.00607EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/06/09 12:0 a.m.5 views

JGraph draw.io 代码注入漏洞

JGraph draw.io is a configurable chart/whiteboard visualization application from JGraph. A security vulnerability exists in JGraph draw.io versions prior to 19.0.2 that stems from a code injection issue...

9.6CVSS7.5AI score0.00698EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/06/09 12:0 a.m.5 views

JGraph draw.io 跨站脚本漏洞

JGraph draw.io is a configurable chart/whiteboard visualization application from JGraph. A security vulnerability exists in JGraph draw.io versions prior to 19.0.2 that stems from a cross-site scripting XSS issue...

6.1CVSS5.6AI score0.00607EPSS
Exploits1References5
OSV
OSV
added 2022/06/08 8:30 a.m.17 views

CVE-2022-2015 Cross-site Scripting (XSS) - Stored in jgraph/drawio

Cross-site Scripting XSS - Stored in GitHub repository jgraph/drawio prior to 19.0.2...

6.1CVSS6.2AI score0.00607EPSS
Exploits1References4
Cvelist
Cvelist
added 2022/06/08 8:30 a.m.25 views

CVE-2022-2015 Cross-site Scripting (XSS) - Stored in jgraph/drawio

Cross-site Scripting XSS - Stored in GitHub repository jgraph/drawio prior to 19.0.2...

6.1CVSS5.6AI score0.00607EPSS
Exploits1References2
CVE
CVE
added 2022/06/08 8:30 a.m.45 views

CVE-2022-2015

CVE-2022-2015 affects jgraph/drawio prior to 19.0.2 with a stored XSS vulnerability. The issue is in the GitHub repository and requires upgrade to 19.0.2 or later to remediate. Exploit details are not provided in the connected documents.

6.1CVSS5.5AI score0.00607EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2022/06/08 7:25 a.m.52 views

CVE-2022-2014

CVE-2022-2014 affects the jgraph/drawio project prior to 19.0.2. The connected sources describe a vulnerability in how diagram data is deserialized, enabling code injection via diagram content (notably unsafe deserialization of diagram elements and attributes), which can lead to client-side remot...

9.6CVSS6.2AI score0.00698EPSS
Exploits1References2Affected Software1
CNVD
CNVD
added 2022/06/08 12:0 a.m.11 views

Command execution vulnerability in JGraph drawio-desktop

drawio-desktop is an Electron-based diagramming and whiteboarding desktop application. A command execution vulnerability exists in JGraph drawio-desktop that can be exploited by an attacker to cause code execution...

7.7AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2022/05/25 9:15 a.m.8 views

CVE-2022-1815

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.1.2...

7.5CVSS6.4AI score0.05704EPSS
Exploits1References4
Cvelist
Cvelist
added 2022/05/25 8:15 a.m.24 views

CVE-2022-1815 Exposure of Sensitive Information to an Unauthorized Actor in jgraph/drawio

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.1.2...

5.3CVSS7.7AI score0.05704EPSS
Exploits1References2
CVE
CVE
added 2022/05/25 8:15 a.m.85 views

CVE-2022-1815

Drawio (jgraph/drawio) prior to version 18.1.2 is affected by a server-side request forgery (SSRF) via the /service endpoint. The Nuclei template and related sources confirm an SSRF that could allow an attacker to obtain sensitive information, modify data, or perform unauthorized administrative a...

7.5CVSS6.3AI score0.05704EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2022/05/25 12:0 a.m.4 views

JGraph draw.io 代码问题漏洞

JGraph draw.io is a configurable chart/whiteboard visualization application from JGraph. A security vulnerability exists in JGraph draw.io prior to version 18.1.2 that originates from exposing sensitive information to an unauthorized Actor...

7.5CVSS6.2AI score0.05704EPSS
Exploits1References4
CNVD
CNVD
added 2022/05/23 12:0 a.m.14 views

JGraph draw.io Cross-Site Scripting Vulnerability

JGraph draw.io is a configurable charting/whiteboard visualization application for JGraph. versions prior to JGraph draw.io 18.0.4 contain a cross-site scripting vulnerability that stems from the program's lack of data validation filtering of user-supplied data and output. An attacker could explo...

3.5CVSS3AI score0.00579EPSS
Exploits1Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/05/20 1:15 p.m.5 views

CVE-2022-1784

Server-Side Request Forgery SSRF in GitHub repository jgraph/drawio prior to 18.0.8...

7.5CVSS7.1AI score0.01686EPSS
Exploits1References3
NVD
NVD
added 2022/05/20 1:15 p.m.16 views

CVE-2022-1784

Server-Side Request Forgery SSRF in GitHub repository jgraph/drawio prior to 18.0.8...

7.5CVSS0.01686EPSS
Exploits1References2
Prion
Prion
added 2022/05/20 1:15 p.m.15 views

Server side request forgery (ssrf)

Server-Side Request Forgery SSRF in GitHub repository jgraph/drawio prior to 18.0.8...

5CVSS7.6AI score0.01686EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder