Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 01/07/2019 Updated: 21/07/2021

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

An issue exists in mxGraph up to and including 4.0.0, related to the "draw.io Diagrams" plugin prior to 8.3.14 for Confluence and other products. Improper input validation/sanitization of a color field leads to XSS. This is associated with javascript/examples/grapheditor/www/js/Dialogs.js.

Vulnerable Product	Search on Vulmon	Subscribe to Product
draw draw.io diagrams
jgraph mxgraph

CWE-79 CWE-20 https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-032.txt https://marketplace.atlassian.com/apps/1210933/draw-io-diagrams-for-confluence/version-history https://github.com/jgraph/mxgraph/commit/76e8e2809b622659a9c5ffdc4f19922b7a68cfa3 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-13127

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect