mxGraph v4.2.2 exists to contain a cross-site scripting (XSS) vulnerability via the setTooltips() function.
jgraph mxgraph 4.2.2