Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jgraph vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2017-18197
In mxGraphViewImageReader.java in mxGraph prior to 3.7.6, the SAXParserFactory instance in convert() is missing flags to prevent XML External Entity (XXE) attacks, as demonstrated by /ServerView.
Jgraph Mxgraph
6.1
CVSSv3
CVE-2022-40440
mxGraph v4.2.2 exists to contain a cross-site scripting (XSS) vulnerability via the setTooltips() function.
Jgraph Mxgraph 4.2.2
6.1
CVSSv3
CVE-2019-13127
An issue exists in mxGraph up to and including 4.0.0, related to the "draw.io Diagrams" plugin prior to 8.3.14 for Confluence and other products. Improper input validation/sanitization of a color field leads to XSS. This is associated with javascript/examples/graphedito...
Draw Draw.io Diagrams
Jgraph Mxgraph
5.4
CVSSv3
CVE-2022-2014
Code Injection in GitHub repository jgraph/drawio before 19.0.2.
Diagrams Drawio
7.8
CVSSv3
CVE-2022-3133
OS Command Injection in GitHub repository jgraph/drawio before 20.3.0.
Diagrams Drawio
7.5
CVSSv3
CVE-2022-3065
Improper Access Control in GitHub repository jgraph/drawio before 20.2.8.
Diagrams Drawio
7.5
CVSSv3
CVE-2023-3398
Denial of Service in GitHub repository jgraph/drawio before 18.1.3.
Diagrams Drawio
8.8
CVSSv3
CVE-2022-1727
Improper Input Validation in GitHub repository jgraph/drawio before 18.0.6.
Diagrams Drawio
9.8
CVSSv3
CVE-2023-3974
OS Command Injection in GitHub repository jgraph/drawio before 21.4.0.
Diagrams Drawio
9.8
CVSSv3
CVE-2023-3975
OS Command Injection in GitHub repository jgraph/drawio before 21.5.0.
Diagrams Drawio
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »