Total
13 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-3398 | 1 Diagrams | 1 Drawio | 2024-02-04 | N/A | 7.5 HIGH |
| Denial of Service in GitHub repository jgraph/drawio prior to 18.1.3. | |||||
| CVE-2023-3026 | 1 Diagrams | 1 Drawio | 2024-02-04 | N/A | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 21.2.8. | |||||
| CVE-2022-3148 | 1 Diagrams | 1 Drawio | 2024-02-04 | N/A | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawio prior to 20.3.0. | |||||
| CVE-2022-3133 | 1 Diagrams | 1 Drawio | 2024-02-04 | N/A | 7.8 HIGH |
| OS Command Injection in GitHub repository jgraph/drawio prior to 20.3.0. | |||||
| CVE-2022-3873 | 1 Diagrams | 1 Drawio | 2024-02-04 | N/A | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - DOM in GitHub repository jgraph/drawio prior to 20.5.2. | |||||
| CVE-2022-3138 | 1 Diagrams | 1 Drawio | 2024-02-04 | N/A | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawio prior to 20.3.0. | |||||
| CVE-2022-1815 | 1 Diagrams | 1 Drawio | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.1.2. | |||||
| CVE-2022-2015 | 1 Diagrams | 1 Drawio | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 19.0.2. | |||||
| CVE-2022-2014 | 1 Diagrams | 1 Drawio | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Code Injection in GitHub repository jgraph/drawio prior to 19.0.2. | |||||
| CVE-2022-1784 | 1 Diagrams | 1 Drawio | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.8. | |||||
| CVE-2022-1711 | 1 Diagrams | 1 Drawio | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.5. | |||||
| CVE-2022-1575 | 1 Diagrams | 1 Drawio | 2024-02-04 | 6.8 MEDIUM | 9.6 CRITICAL |
| Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18.0.0. - Arbitrary (remote) code execution in the desktop app. - Stored XSS in the web app. | |||||
| CVE-2022-1723 | 1 Diagrams | 1 Drawio | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.6. | |||||