Diagrams CVE - OpenCVE

Filtered by vendor Diagrams Subscribe

Total 19 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2023-3026	1 Diagrams	1 Drawio	2025-01-10	N/A	6.1 MEDIUM
Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 21.2.8.
CVE-2023-3398	1 Diagrams	1 Drawio	2024-11-21	N/A	7.5 HIGH
Denial of Service in GitHub repository jgraph/drawio prior to 18.1.3.
CVE-2022-3873	1 Diagrams	1 Drawio	2024-11-21	N/A	6.1 MEDIUM
Cross-site Scripting (XSS) - DOM in GitHub repository jgraph/drawio prior to 20.5.2.
CVE-2022-3148	1 Diagrams	1 Drawio	2024-11-21	N/A	6.1 MEDIUM
Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawio prior to 20.3.0.
CVE-2022-3138	1 Diagrams	1 Drawio	2024-11-21	N/A	6.1 MEDIUM
Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawio prior to 20.3.0.
CVE-2022-3133	1 Diagrams	1 Drawio	2024-11-21	N/A	7.8 HIGH
OS Command Injection in GitHub repository jgraph/drawio prior to 20.3.0.
CVE-2022-2015	1 Diagrams	1 Drawio	2024-11-21	3.5 LOW	5.4 MEDIUM
Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 19.0.2.
CVE-2022-2014	1 Diagrams	1 Drawio	2024-11-21	3.5 LOW	5.4 MEDIUM
Code Injection in GitHub repository jgraph/drawio prior to 19.0.2.
CVE-2022-1815	1 Diagrams	1 Drawio	2024-11-21	5.0 MEDIUM	7.5 HIGH
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.1.2.
CVE-2022-1784	1 Diagrams	1 Drawio	2024-11-21	5.0 MEDIUM	7.5 HIGH
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.8.
CVE-2022-1774	1 Diagrams	1 Draw.io	2024-11-21	5.8 MEDIUM	6.1 MEDIUM
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.0.7.
CVE-2022-1767	1 Diagrams	1 Draw.io	2024-11-21	5.0 MEDIUM	7.5 HIGH
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.7.
CVE-2022-1727	1 Diagrams	1 Draw.io	2024-11-21	6.8 MEDIUM	8.8 HIGH
Improper Input Validation in GitHub repository jgraph/drawio prior to 18.0.6.
CVE-2022-1723	1 Diagrams	1 Drawio	2024-11-21	5.0 MEDIUM	7.5 HIGH
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.6.
CVE-2022-1722	1 Diagrams	1 Draw.io	2024-11-21	2.1 LOW	3.3 LOW
SSRF in editor's proxy via IPv6 link-local address in GitHub repository jgraph/drawio prior to 18.0.5. SSRF to internal link-local IPv6 addresses
CVE-2022-1721	1 Diagrams	1 Draw.io	2024-11-21	5.0 MEDIUM	7.5 HIGH
Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio prior to 18.0.5. Read local files of the web application.
CVE-2022-1713	1 Diagrams	1 Draw.io	2024-11-21	5.0 MEDIUM	7.5 HIGH
SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information.
CVE-2022-1711	1 Diagrams	1 Drawio	2024-11-21	5.0 MEDIUM	7.5 HIGH
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.5.
CVE-2022-1575	1 Diagrams	1 Drawio	2024-11-21	6.8 MEDIUM	9.6 CRITICAL
Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18.0.0. - Arbitrary (remote) code execution in the desktop app. - Stored XSS in the web app.

Vulnerabilities (CVE)