icon

We found results for “

WS-2023-0211

Good to know:

icon

Date: June 1, 2023

Cross-site Scripting in Preview function bypass CSP in GitHub repository jgraph/drawio prior to 21.3.1.

Language: JS

Severity Score

Severity Score

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

Top Fix

icon

Upgrade Version

Upgrade to version tikiwiki/diagram - v15.3.4;tikiwiki/diagram - v12.8.6;tikiwiki/diagram - v15.5.1;tikiwiki/diagram - v14.3.0;tikiwiki/diagram - v16.3.0;tikiwiki/diagram - v16.4.5;tikiwiki/diagram - v17.4.3;tikiwiki/diagram - testDeploy9;tikiwiki/diagram - v15.8.8;tikiwiki/diagram - v21.3.1;tikiwiki/diagram - v14.7.9;tikiwiki/diagram - v14.8.5;tikiwiki/diagram - v15.7.4;tikiwiki/diagram - v17.4.0;tikiwiki/diagram - testDeploy1;tikiwiki/diagram - v14.9.9;tikiwiki/diagram - v12.4.4;xorti/mxgraph-editor - no_fix;xorti/mxgraph-editor - v3.9.8;org.webjars.bowergithub.jgraph:drawio:no_fix

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): NONE
Availability (A): NONE

Do you need more information?

Contact Us