CVE-2022-40440
MEDIUMmxGraph v4.2.2 - Cross-Site Scripting via setTooltips() Function
Title source: llmDescription
mxGraph v4.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the setTooltips() function.
References (3)
Core 3
Core References
Product
http://mxgraph.com
Exploit, Third Party Advisory
https://github.com/SxB64/mxgraph-xss-vul/wiki
Scores
CVSS v3
6.1
EPSS
0.0049
EPSS Percentile
65.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
jgraph/mxgraph
4.2.2
npm/mxgraph
0npm
Published
Oct 12, 2022
Tracked Since
Feb 18, 2026