Vulnerabilities > Diagrams > Drawio > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-07-27 CVE-2023-3973 Cross-site Scripting vulnerability in Diagrams Drawio
Cross-site Scripting (XSS) - Reflected in GitHub repository jgraph/drawio prior to 21.6.3.
network
low complexity
diagrams CWE-79
6.1
2023-06-01 CVE-2023-3026 Cross-site Scripting vulnerability in Diagrams Drawio
Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 21.2.8.
network
low complexity
diagrams CWE-79
6.1
2022-11-07 CVE-2022-3873 Cross-site Scripting vulnerability in Diagrams Drawio
Cross-site Scripting (XSS) - DOM in GitHub repository jgraph/drawio prior to 20.5.2.
network
low complexity
diagrams CWE-79
6.1
2022-05-25 CVE-2022-1815 Server-Side Request Forgery (SSRF) vulnerability in Diagrams Drawio
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.1.2.
network
low complexity
diagrams CWE-918
5.0
2022-05-20 CVE-2022-1784 Server-Side Request Forgery (SSRF) vulnerability in Diagrams Drawio
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.8.
network
low complexity
diagrams CWE-918
5.0
2022-05-19 CVE-2022-1730 Cross-site Scripting vulnerability in Diagrams Drawio
Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 18.0.4.
network
low complexity
diagrams CWE-79
4.6
2022-05-18 CVE-2022-1774 Open Redirect vulnerability in Diagrams Drawio
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.0.7.
network
low complexity
diagrams CWE-601
6.1
2022-05-17 CVE-2022-1711 Server-Side Request Forgery (SSRF) vulnerability in Diagrams Drawio
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.5.
network
low complexity
diagrams CWE-918
5.0
2022-05-17 CVE-2022-1723 Server-Side Request Forgery (SSRF) vulnerability in Diagrams Drawio
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.6.
network
low complexity
diagrams CWE-918
5.0
2022-05-05 CVE-2022-1575 Cross-site Scripting vulnerability in Diagrams Drawio
Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18.0.0.
network
diagrams CWE-79
6.8