Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
diagrams drawio vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-3127
Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio before 20.2.8.
Diagrams Drawio
NA
CVE-2022-3133
OS Command Injection in GitHub repository jgraph/drawio before 20.3.0.
Diagrams Drawio
NA
CVE-2022-3138
Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawio before 20.3.0.
Diagrams Drawio
NA
CVE-2022-3148
Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawio before 20.3.0.
Diagrams Drawio
605
VMScore
CVE-2022-1575
Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio before 18.0.0. - Arbitrary (remote) code execution in the desktop app. - Stored XSS in the web app.
Diagrams Drawio
445
VMScore
CVE-2022-1721
Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio before 18.0.5. Read local files of the web application.
Diagrams Drawio
187
VMScore
CVE-2022-1722
SSRF in editor's proxy via IPv6 link-local address in GitHub repository jgraph/drawio before 18.0.5. SSRF to internal link-local IPv6 addresses
Diagrams Drawio
605
VMScore
CVE-2022-1727
Improper Input Validation in GitHub repository jgraph/drawio before 18.0.6.
Diagrams Drawio
312
VMScore
CVE-2022-1730
Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio before 18.0.4.
Diagrams Drawio
445
VMScore
CVE-2022-1767
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio before 18.0.7.
Diagrams Drawio
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »