Diagrams Security Vulnerabilities
Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18.0.0. - Arbitrary (remote) code execution in the desktop app. - Stored XSS in the web app.
9.6CVSS
9.3AI Score
0.002EPSS
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.5.
7.5CVSS
7.6AI Score
0.001EPSS
SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information.
7.5CVSS
7.4AI Score
0.021EPSS
Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio prior to 18.0.5. Read local files of the web application.
7.5CVSS
7.5AI Score
0.001EPSS
SSRF in editor's proxy via IPv6 link-local address in GitHub repository jgraph/drawio prior to 18.0.5. SSRF to internal link-local IPv6 addresses
3.3CVSS
4.1AI Score
0.0004EPSS
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.6.
7.5CVSS
7.6AI Score
0.001EPSS
8.8CVSS
8.7AI Score
0.002EPSS
Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 18.0.4.
4.6CVSS
4.6AI Score
0.001EPSS
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.7.
7.5CVSS
7.6AI Score
0.001EPSS
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.0.7.
6.1CVSS
6.2AI Score
0.001EPSS
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.8.
7.5CVSS
7.6AI Score
0.001EPSS
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.1.2.
7.5CVSS
7.5AI Score
0.019EPSS
5.4CVSS
5.8AI Score
0.001EPSS
Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 19.0.2.
5.4CVSS
5.3AI Score
0.001EPSS
7.5CVSS
7.5AI Score
0.001EPSS
Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 20.2.8.
5.4CVSS
5.3AI Score
0.001EPSS
7.8CVSS
7.9AI Score
0.001EPSS
Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawio prior to 20.3.0.
6.1CVSS
6AI Score
0.001EPSS
Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawio prior to 20.3.0.
6.1CVSS
6AI Score
0.001EPSS
Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 20.3.1.
6.1CVSS
6AI Score
0.001EPSS
Cross-site Scripting (XSS) - DOM in GitHub repository jgraph/drawio prior to 20.5.2.
6.1CVSS
6AI Score
0.001EPSS
Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 21.2.8.
6.1CVSS
6AI Score
0.001EPSS
7.5CVSS
6.2AI Score
0.001EPSS
Cross-site Scripting (XSS) - Reflected in GitHub repository jgraph/drawio prior to 21.6.3.
6.1CVSS
6.2AI Score
0.001EPSS
9.8CVSS
9.7AI Score
0.001EPSS
9.8CVSS
9.4AI Score
0.002EPSS