Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Diagrams Subscribe
Total 19 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-3398 1 Diagrams 1 Drawio 2024-02-04 N/A 7.5 HIGH
Denial of Service in GitHub repository jgraph/drawio prior to 18.1.3.
CVE-2023-3026 1 Diagrams 1 Drawio 2024-02-04 N/A 6.1 MEDIUM
Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 21.2.8.
CVE-2022-3148 1 Diagrams 1 Drawio 2024-02-04 N/A 6.1 MEDIUM
Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawio prior to 20.3.0.
CVE-2022-3133 1 Diagrams 1 Drawio 2024-02-04 N/A 7.8 HIGH
OS Command Injection in GitHub repository jgraph/drawio prior to 20.3.0.
CVE-2022-3873 1 Diagrams 1 Drawio 2024-02-04 N/A 6.1 MEDIUM
Cross-site Scripting (XSS) - DOM in GitHub repository jgraph/drawio prior to 20.5.2.
CVE-2022-3138 1 Diagrams 1 Drawio 2024-02-04 N/A 6.1 MEDIUM
Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawio prior to 20.3.0.
CVE-2022-1721 1 Diagrams 1 Draw.io 2024-02-04 5.0 MEDIUM 7.5 HIGH
Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio prior to 18.0.5. Read local files of the web application.
CVE-2022-1815 1 Diagrams 1 Drawio 2024-02-04 5.0 MEDIUM 7.5 HIGH
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.1.2.
CVE-2022-2015 1 Diagrams 1 Drawio 2024-02-04 3.5 LOW 5.4 MEDIUM
Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 19.0.2.
CVE-2022-1722 1 Diagrams 1 Draw.io 2024-02-04 2.1 LOW 3.3 LOW
SSRF in editor's proxy via IPv6 link-local address in GitHub repository jgraph/drawio prior to 18.0.5. SSRF to internal link-local IPv6 addresses
CVE-2022-2014 1 Diagrams 1 Drawio 2024-02-04 3.5 LOW 5.4 MEDIUM
Code Injection in GitHub repository jgraph/drawio prior to 19.0.2.
CVE-2022-1767 1 Diagrams 1 Draw.io 2024-02-04 5.0 MEDIUM 7.5 HIGH
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.7.
CVE-2022-1713 1 Diagrams 1 Draw.io 2024-02-04 5.0 MEDIUM 7.5 HIGH
SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information.
CVE-2022-1784 1 Diagrams 1 Drawio 2024-02-04 5.0 MEDIUM 7.5 HIGH
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.8.
CVE-2022-1711 1 Diagrams 1 Drawio 2024-02-04 5.0 MEDIUM 7.5 HIGH
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.5.
CVE-2022-1774 1 Diagrams 1 Draw.io 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.0.7.
CVE-2022-1575 1 Diagrams 1 Drawio 2024-02-04 6.8 MEDIUM 9.6 CRITICAL
Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18.0.0. - Arbitrary (remote) code execution in the desktop app. - Stored XSS in the web app.
CVE-2022-1723 1 Diagrams 1 Drawio 2024-02-04 5.0 MEDIUM 7.5 HIGH
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.6.
CVE-2022-1727 1 Diagrams 1 Draw.io 2024-02-04 6.8 MEDIUM 8.8 HIGH
Improper Input Validation in GitHub repository jgraph/drawio prior to 18.0.6.