mxGraph vulnerable to cross-site scripting in color field
Moderate severity
GitHub Reviewed
Published
May 24, 2022
to the GitHub Advisory Database
•
Updated Oct 19, 2023
Description
Published by the National Vulnerability Database
Jul 1, 2019
Published to the GitHub Advisory Database
May 24, 2022
Reviewed
Oct 19, 2023
Last updated
Oct 19, 2023
mxGraph through 4.0.0, related to the draw.io Diagrams plugin before 8.3.14 for Confluence and other products, is vulnerable to cross-site scripting. draw.io Diagrams allows the creation and editing of draw.io-based diagrams in Confluence. Among other things, it allows to set the background color of text displayed in the diagram. The color provided by the user is notproperly sanitized, leading to HTML and JavaScript code to be displayed "as it is" to visitors of the page. This allows attackers to execute JavaScript code in the context of the visitor's browser and session and to e.g. run Confluence command under the visitor's user or attack the visitor's browser.
Proof of Concept (PoC):
onMouseOver=alert(1) a=
References