CVE-2022-1575

Published May 5th, 2022

View on NVD ↗

CVSS v3

9.6

CRITICAL

CVSS v2

6.8

MEDIUM

Affected

PROJECT

Description

Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18.0.0. - Arbitrary (remote) code execution in the desktop app. - Stored XSS in the web app.

jgraph/drawio

draw.io is a JavaScript, client-side editor for general diagramming.

GitHub

6.36K