CVE-2022-3148 MEDIUM

CVE-2022-3148: Cross-site Scripting (XSS) - Generic in jgraph/drawio

Vendor Jgraph
Product jgraph/drawio
Weakness CWE-79 · XSS
Published September 8, 2022
Last update August 3, 2024
View on NVD All CVEs

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawio prior to 20.3.0.

Key dates

02Disclosure timeline

September 8, 2022 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2019-16015 Cisco Data Center Analytics Framework Cross-Site Scripting Vulnerability CVE-2022-1979 SourceCodester Product Show Room Site p=contact cross site scripting CVE-2024-5088 Happy Addons for Elementor <= 3.10.8 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2023-27439 WordPress New Adman Plugin <= 1.6.8 is vulnerable to Cross Site Scripting (XSS) CVE-2024-32597 WordPress WP Smart Import plugin <= 1.0.7 - Cross Site Scripting (XSS) vulnerability