3 matches found
CVE-2019-13127
mxGraph (up to version 4.0.0) and the draw.io Diagrams plugin for Confluence are vulnerable to cross-site scripting due to improper validation/sanitization of a color field in javascript/examples/grapheditor/www/js/Dialogs.js. Multiple sources (NVD, OSV, GHSA, CNVD, etc.) describe an XSS conditio...
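The root cause named above is a colour value that reaches the page without being checked. The following is an added example, not code from mxGraph, draw.io or Dialogs.js: it shows the unsafe pattern (concatenating the raw field into a style attribute) next to an allow-list check that only admits hex, rgb()/rgba() and a short set of keyword colours. The patterns, function names and the constructed payload are this editor's own assumptions about what such a field should accept, not the project's validation logic.

```javascript
// Added example (not mxGraph/draw.io code). Assumption: a colour picker field
// ends up in a style attribute of generated markup, as string concatenation.

// Allow-list of colour syntaxes we are willing to emit. Anything else is rejected.
const COLOR_PATTERNS = [
  /^#[0-9a-f]{3}$/i,
  /^#[0-9a-f]{4}$/i,
  /^#[0-9a-f]{6}$/i,
  /^#[0-9a-f]{8}$/i,
  /^rgba?\(\s*\d{1,3}(\s*,\s*\d{1,3}){2}(\s*,\s*(0|1|0?\.\d+))?\s*\)$/i,
  /^(none|transparent|black|white|red|green|blue|yellow|orange|gray|grey)$/i,
];

// Returns true only for a short string matching one of the allowed forms.
function isSafeColor(value) {
  if (typeof value !== 'string' || value.length > 64) return false;
  const v = value.trim();
  return COLOR_PATTERNS.some((re) => re.test(v));
}

// Vulnerable pattern: the raw field value lands inside an attribute.
function renderSwatchUnsafe(color) {
  return '<div class="swatch" style="background:' + color + '"></div>';
}

// Hardened pattern: reject anything outside the allow-list and fall back to a
// known-good literal, so the attribute can never be closed by the input.
function renderSwatchSafe(color) {
  const c = isSafeColor(color) ? color.trim() : 'none';
  return '<div class="swatch" style="background:' + c + '"></div>';
}

// Constructed payload (not from any advisory): closes the style attribute and
// injects an element with an event handler.
const PAYLOAD = '#fff"><img src=x onerror=alert(1)><div x="';
```

Validating the value against a strict grammar is the right check for a colour: it is a structured token, so an allow-list is simpler and safer than trying to escape it, and it also blocks CSS-level tricks (`url(...)`, `expression(...)`) that HTML encoding alone would not catch.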
CVE-2017-18197
CVE-2017-18197 affects mxGraph (before 3.7.6). In mxGraphViewImageReader.java, the SAXParserFactory used by convert() is not configured with the parser features that block external entity resolution, enabling XML External Entity (XXE) attacks (as demonstrated by /ServerView). Public disclosures and advisories (GHSA-wvpv-8524-wg6x; Fed/Debian/Nessus entries...
CVE-2022-40440
mxGraph version 4.2.2 contains a cross-site scripting (XSS) vulnerability in the setTooltips() function. The linked records confirm the flaw but give neither concrete exploit details nor an official patch. A PT-2022-25387 entry recommends disabling the setTooltips...
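The records above do not say how the tooltip value reaches the page, so the following is an added example rather than mxGraph's own code, and it rests on one assumption: that tooltip text is written into the document as HTML (via innerHTML), so a user-controlled cell value becomes markup. The cell stand-in, the renderer stand-in, the function names and the constructed malicious value are all this editor's, not taken from the advisory. It contrasts a tooltip provider that returns the raw value with one that HTML-encodes it first.

```javascript
// Added example (not mxGraph code). Assumption: the tooltip layer assigns the
// returned string to innerHTML, so whatever the cell value contains is parsed.

// Encode the five characters that matter in HTML text and attribute contexts.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Minimal stand-in for a graph cell whose value came from an untrusted
// diagram file or a collaborator's edit.
function makeCell(value) {
  return { value: value };
}

// Vulnerable: hands the raw value to the renderer, which treats it as markup.
function getTooltipUnsafe(cell) {
  return cell.value;
}

// Hardened: encode first, then reintroduce only the line breaks we intend.
function getTooltipSafe(cell) {
  return escapeHtml(cell.value).replace(/\n/g, '<br>');
}

// Stand-in for the tooltip renderer: builds the markup that would be assigned
// to a tooltip element's innerHTML.
function renderTooltip(tip) {
  return '<div class="tooltip">' + tip + '</div>';
}

// Constructed malicious cell value (not from any advisory).
const MALICIOUS_VALUE = 'Node A<img src=x onerror="alert(document.cookie)">';
```

Where a tooltip only ever needs plain text, assigning it to `textContent` instead of `innerHTML` removes the need to encode at all; encoding as above is the fallback when the renderer insists on HTML.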