Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
diagrams drawio vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-3026
Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio before 21.2.8.
Diagrams Drawio
6.8
CVSSv2
CVE-2022-1575
Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio before 18.0.0. - Arbitrary (remote) code execution in the desktop app. - Stored XSS in the web app.
Diagrams Drawio
NA
CVE-2023-3973
Cross-site Scripting (XSS) - Reflected in GitHub repository jgraph/drawio before 21.6.3.
Diagrams Drawio
NA
CVE-2023-3974
OS Command Injection in GitHub repository jgraph/drawio before 21.4.0.
Diagrams Drawio
NA
CVE-2023-3975
OS Command Injection in GitHub repository jgraph/drawio before 21.5.0.
Diagrams Drawio
NA
CVE-2023-3398
Denial of Service in GitHub repository jgraph/drawio before 18.1.3.
Diagrams Drawio
5
CVSSv2
CVE-2022-1711
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio before 18.0.5.
Diagrams Drawio
5
CVSSv2
CVE-2022-1713
SSRF on /proxy in GitHub repository jgraph/drawio before 18.0.4. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information.
Diagrams Drawio
5
CVSSv2
CVE-2022-1721
Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio before 18.0.5. Read local files of the web application.
Diagrams Drawio
2.1
CVSSv2
CVE-2022-1722
SSRF in editor's proxy via IPv6 link-local address in GitHub repository jgraph/drawio before 18.0.5. SSRF to internal link-local IPv6 addresses
Diagrams Drawio
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »