Jgraph

jgraph

3 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-40440 1Jgraph 1Mxgraph Nov 21, 2024 Oct 12, 2022 N/A· v4 6.1 MEDIUM· v3 N/A· v2 mxGraph v4.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the setTooltips() function.
CVE-2019-13127 2Draw Jgraph 2Draw.io Diagrams Mxgraph Nov 21, 2024 Jul 1, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in mxGraph through 4.0.0, related to the "draw.io Diagrams" plugin before 8.3.14 for Confluence and other products. Improper input validation/sanitization of a color field leads to XSS. This is as...Show more An issue was discovered in mxGraph through 4.0.0, related to the "draw.io Diagrams" plugin before 8.3.14 for Confluence and other products. Improper input validation/sanitization of a color field leads to XSS. This is associated with javascript/examples/grapheditor/www/js/Dialogs.js.Show less
CVE-2017-18197 1Jgraph 1Mxgraph Nov 21, 2024 Feb 24, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert() is missing flags to prevent XML External Entity (XXE) attacks, as demonstrated by /ServerView.