David Benson

3 exploits Active since Jul 2019
CVE-2019-13127 WRITEUP MEDIUM WRITEUP
draw.io Diagrams < 8.3.14 and mxGraph < 4.0.0 - Stored Cross-Site Scripting via Color Field Input
An issue was discovered in mxGraph through 4.0.0, related to the "draw.io Diagrams" plugin before 8.3.14 for Confluence and other products. Improper input validation/sanitization of a color field leads to XSS. This is associated with javascript/examples/grapheditor/www/js/Dialogs.js.
CVSS 6.1
CVE-2023-3398 WRITEUP HIGH WRITEUP
drawio < 18.1.3 - Denial of Service
Denial of Service in GitHub repository jgraph/drawio prior to 18.1.3.
CVSS 7.5
CVE-2023-3973 WRITEUP MEDIUM WRITEUP
drawio < 21.6.3 - Reflected Cross-Site Scripting
Cross-site Scripting (XSS) - Reflected in GitHub repository jgraph/drawio prior to 21.6.3.
CVSS 6.1