Vulnerabilities > Diagrams > Drawio > 20.3.6

DATE CVE VULNERABILITY TITLE RISK
2023-07-27 CVE-2023-3973 Cross-site Scripting vulnerability in Diagrams Drawio
Cross-site Scripting (XSS) - Reflected in GitHub repository jgraph/drawio prior to 21.6.3.
network
low complexity
diagrams CWE-79
6.1
6.1
2023-07-27 CVE-2023-3974 OS Command Injection vulnerability in Diagrams Drawio
OS Command Injection in GitHub repository jgraph/drawio prior to 21.4.0.
network
low complexity
diagrams CWE-78
critical
 9.8
9.8
2023-07-27 CVE-2023-3975 OS Command Injection vulnerability in Diagrams Drawio
OS Command Injection in GitHub repository jgraph/drawio prior to 21.5.0.
network
low complexity
diagrams CWE-78
critical
 9.8
9.8
2023-06-01 CVE-2023-3026 Cross-site Scripting vulnerability in Diagrams Drawio
Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 21.2.8.
network
low complexity
diagrams CWE-79
6.1
6.1
2022-11-07 CVE-2022-3873 Cross-site Scripting vulnerability in Diagrams Drawio
Cross-site Scripting (XSS) - DOM in GitHub repository jgraph/drawio prior to 20.5.2.
network
low complexity
diagrams CWE-79
6.1
6.1