202 matches found
JGraph draw.io 安全漏洞
JGraph draw.io is a configurable chart/whiteboard visualization application from JGraph. A security vulnerability exists in JGraph draw.io versions prior to 20.2.8, which stems from the proxy url parameter not being rate-limited...
CVE-2022-2014
Code Injection in GitHub repository jgraph/drawio prior to 19.0.2...
CVE-2022-2014
Code Injection in GitHub repository jgraph/drawio prior to 19.0.2...
CVE-2022-2015
Cross-site Scripting XSS - Stored in GitHub repository jgraph/drawio prior to 19.0.2...
CVE-2022-2015
Cross-site Scripting XSS - Stored in GitHub repository jgraph/drawio prior to 19.0.2...
JGraph draw.io 代码注入漏洞
JGraph draw.io is a configurable chart/whiteboard visualization application from JGraph. A security vulnerability exists in JGraph draw.io versions prior to 19.0.2 that stems from a code injection issue...
JGraph draw.io 跨站脚本漏洞
JGraph draw.io is a configurable chart/whiteboard visualization application from JGraph. A security vulnerability exists in JGraph draw.io versions prior to 19.0.2 that stems from a cross-site scripting XSS issue...
CVE-2022-2015 Cross-site Scripting (XSS) - Stored in jgraph/drawio
Cross-site Scripting XSS - Stored in GitHub repository jgraph/drawio prior to 19.0.2...
CVE-2022-2015 Cross-site Scripting (XSS) - Stored in jgraph/drawio
Cross-site Scripting XSS - Stored in GitHub repository jgraph/drawio prior to 19.0.2...
CVE-2022-2015
CVE-2022-2015 affects jgraph/drawio prior to 19.0.2 with a stored XSS vulnerability. The issue is in the GitHub repository and requires upgrade to 19.0.2 or later to remediate. Exploit details are not provided in the connected documents.
CVE-2022-2014
CVE-2022-2014 affects the jgraph/drawio project prior to 19.0.2. The connected sources describe a vulnerability in how diagram data is deserialized, enabling code injection via diagram content (notably unsafe deserialization of diagram elements and attributes), which can lead to client-side remot...
Command execution vulnerability in JGraph drawio-desktop
drawio-desktop is an Electron-based diagramming and whiteboarding desktop application. A command execution vulnerability exists in JGraph drawio-desktop that can be exploited by an attacker to cause code execution...
CVE-2022-1815
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.1.2...
CVE-2022-1815 Exposure of Sensitive Information to an Unauthorized Actor in jgraph/drawio
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.1.2...
CVE-2022-1815
Drawio (jgraph/drawio) prior to version 18.1.2 is affected by a server-side request forgery (SSRF) via the /service endpoint. The Nuclei template and related sources confirm an SSRF that could allow an attacker to obtain sensitive information, modify data, or perform unauthorized administrative a...
JGraph draw.io 代码问题漏洞
JGraph draw.io is a configurable chart/whiteboard visualization application from JGraph. A security vulnerability exists in JGraph draw.io prior to version 18.1.2 that originates from exposing sensitive information to an unauthorized Actor...
JGraph draw.io Cross-Site Scripting Vulnerability
JGraph draw.io is a configurable charting/whiteboard visualization application for JGraph. versions prior to JGraph draw.io 18.0.4 contain a cross-site scripting vulnerability that stems from the program's lack of data validation filtering of user-supplied data and output. An attacker could explo...
CVE-2022-1784
Server-Side Request Forgery SSRF in GitHub repository jgraph/drawio prior to 18.0.8...
CVE-2022-1784
Server-Side Request Forgery SSRF in GitHub repository jgraph/drawio prior to 18.0.8...
Server side request forgery (ssrf)
Server-Side Request Forgery SSRF in GitHub repository jgraph/drawio prior to 18.0.8...