39 matches found

Github Security Blog
added 2022/05/14 3:38 a.m. | 24 views

mxGraph vulnerable to XXE attacks

In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert is missing flags to prevent XML External Entity (XXE) attacks, as demonstrated by /ServerView...

9.8 CVSS | 6.9 AI score | 0.0044 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

Veracode
added 2019/07/02 3:10 a.m. | 12 views

Cross-Site Scripting (XSS)

mxgraph is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser via the color field in javascript/examples/grapheditor/www/js/Dialogs.js...

6.1 CVSS | 5.9 AI score | 0.00428 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

CNVD
added 2019/07/02 12:00 a.m. | 2 views

mxGraph Cross-Site Scripting Vulnerability

mxGraph is a JavaScript charting library. A cross-site scripting vulnerability exists in mxGraph 4.0.0 and earlier versions. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit the vulnerability to execute client-side code...

6.1 CVSS | 6.4 AI score | 0.00428 EPSS
Exploits: 1 | References: 1

NVD
added 2019/07/01 3:15 p.m. | 9 views

CVE-2019-13127

An issue was discovered in mxGraph through 4.0.0, related to the "draw.io Diagrams" plugin before 8.3.14 for Confluence and other products. Improper input validation/sanitization of a color field leads to XSS. This is associated with javascript/examples/grapheditor/www/js/Dialogs.js...

6.1 CVSS | 6.2 AI score | 0.00428 EPSS
Exploits: 1 | References: 3

OSV
added 2019/07/01 3:15 p.m. | 12 views

CVE-2019-13127

An issue was discovered in mxGraph through 4.0.0, related to the "draw.io Diagrams" plugin before 8.3.14 for Confluence and other products. Improper input validation/sanitization of a color field leads to XSS. This is associated with javascript/examples/grapheditor/www/js/Dialogs.js...

6.1 CVSS | 6.7 AI score
Exploits: 0 | References: 3

Prion
added 2019/07/01 3:15 p.m. | 9 views

Input validation

An issue was discovered in mxGraph through 4.0.0, related to the "draw.io Diagrams" plugin before 8.3.14 for Confluence and other products. Improper input validation/sanitization of a color field leads to XSS. This is associated with javascript/examples/grapheditor/www/js/Dialogs.js...

4.3 CVSS | 6.2 AI score | 0.00428 EPSS
Exploits: 1 | References: 3 | Affected Software: 2

UbuntuCve
added 2019/07/01 3:15 p.m. | 26 views

CVE-2019-13127

An issue was discovered in mxGraph through 4.0.0, related to the "draw.io Diagrams" plugin before 8.3.14 for Confluence and other products. Improper input validation/sanitization of a color field leads to XSS. This is associated with javascript/examples/grapheditor/www/js/Dialogs.js...

6.1 CVSS | 6.3 AI score | 0.00428 EPSS
Exploits: 1 | References: 4

CVE
added 2019/07/01 2:33 p.m. | 60 views

CVE-2019-13127

mxGraph (up to version 4.0.0) and the draw.io Diagrams plugin for Confluence are vulnerable to cross-site scripting due to improper validation/sanitization of a color field in javascript/examples/grapheditor/www/js/Dialogs.js. Multiple sources (NVD, OSV, GHSA, CNVD, etc.) describe an XSS conditio...

6.1 CVSS | 6.1 AI score | 0.00428 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2019/07/01 2:33 p.m. | 10 views

CVE-2019-13127

An issue was discovered in mxGraph through 4.0.0, related to the "draw.io Diagrams" plugin before 8.3.14 for Confluence and other products. Improper input validation/sanitization of a color field leads to XSS. This is associated with javascript/examples/grapheditor/www/js/Dialogs.js...

6.2 AI score | 0.00428 EPSS
Exploits: 1 | References: 3

RedhatCVE
added 2018/03/01 4:48 a.m. | 9 views

CVE-2017-18197

In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert is missing flags to prevent XML External Entity (XXE) attacks, as demonstrated by /ServerView...

9.8 CVSS | 5.1 AI score | 0.0044 EPSS
Exploits: 1 | References: 1

OSV
added 2018/02/24 2:29 a.m. | 10 views

CVE-2017-18197

In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert is missing flags to prevent XML External Entity (XXE) attacks, as demonstrated by /ServerView...

9.8 CVSS | 9.6 AI score
Exploits: 0 | References: 2

OSV
added 2018/02/24 2:29 a.m. | 1 view

DEBIAN-CVE-2017-18197

In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert is missing flags to prevent XML External Entity (XXE) attacks, as demonstrated by /ServerView...

9.8 CVSS | 9.3 AI score | 0.0044 EPSS
Exploits: 1 | References: 1

NVD
added 2018/02/24 2:29 a.m. | 7 views

CVE-2017-18197

In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert is missing flags to prevent XML External Entity (XXE) attacks, as demonstrated by /ServerView...

9.8 CVSS | 9.4 AI score | 0.0044 EPSS
Exploits: 1 | References: 2

UbuntuCve
added 2018/02/24 2:29 a.m. | 17 views

CVE-2017-18197

In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert is missing flags to prevent XML External Entity (XXE) attacks, as demonstrated by /ServerView...

9.8 CVSS | 7.2 AI score | 0.0044 EPSS
Exploits: 1 | References: 2

OSV
added 2018/02/24 2:29 a.m. | 0 views

UBUNTU-CVE-2017-18197

In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert is missing flags to prevent XML External Entity (XXE) attacks, as demonstrated by /ServerView...

9.8 CVSS | 7.3 AI score | 0.0044 EPSS
Exploits: 1 | References: 3

Debian CVE
added 2018/02/24 2:00 a.m. | 12 views

CVE-2017-18197

In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert is missing flags to prevent XML External Entity (XXE) attacks, as demonstrated by /ServerView...

9.8 CVSS | 9.4 AI score | 0.0044 EPSS
Exploits: 1

CVE
added 2018/02/24 2:00 a.m. | 54 views

CVE-2017-18197

CVE-2017-18197 affects mxGraph (before 3.7.6). In mxGraphViewImageReader.java, the SAXParserFactory used in convert() lacks XXE-defensive flags, enabling XML External Entity attacks (as demonstrated by /ServerView). Public disclosures and advisories (GHSA-wvpv-8524-wg6x; Fed/Debian/Nessus entries...

9.8 CVSS | 9.2 AI score | 0.0044 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2018/02/24 2:00 a.m. | 8 views

CVE-2017-18197

In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert is missing flags to prevent XML External Entity (XXE) attacks, as demonstrated by /ServerView...

9.3 AI score | 0.0044 EPSS
Exploits: 1 | References: 2

CNVD
added 2018/02/24 12:00 a.m. | 1 view

mxgraph mxGraphViewImageReader.java file XML external entity vulnerability

mxGraph is a JavaScript charting library. A security vulnerability in the mxGraphViewImageReader.java file in versions prior to mxGraph 3.7.6 stems from a SAXParserFactory instance in the 'convert' function that lacks the flags for blocking XML external entity injection attacks...

9.8 CVSS | 7.1 AI score | 0.0044 EPSS
Exploits: 1 | References: 1