Stored XSS on drawio in jgraph/drawio
May 15th 2022
Steps to reproduce
- Create a text box and set word size to 50
- Click with the right button and "Edit link"
- Put asdf://test.com
- Click with the right button again and "Edit data"
- Export the page as URL
- Click on the link
It also affects Confluence, as drawio is available as an app on the marketplace. POC video: https://youtu.be/RHevZOx1nhc
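The report does not say how the fix in 18.0.4 handles link schemes, so the following is an added example rather than drawio's own code or its actual patch. It shows the check a practitioner would put in front of a user-supplied link before it is written into an `href`: parse the value with the WHATWG URL parser (which strips leading control characters, removes embedded tabs and newlines, and lowercases the scheme, so obfuscated `javascript:` variants normalize before the check) and accept only an allow-list of schemes, so an unknown custom scheme like `asdf://test.com` is rejected together with `javascript:` and `data:`. The function names, the `SAFE_SCHEMES` set and the base URL `https://example.invalid/` are assumptions for this example.

```javascript
// Added example (not drawio's code): allow-list the scheme of a user-supplied
// link before it is rendered as an href, and escape the label text.
const SAFE_SCHEMES = new Set(["http:", "https:", "mailto:"]); // assumed policy

// Base URL only so that relative links parse; it is a placeholder (assumption).
const BASE_URL = "https://example.invalid/";

function isSafeLinkHref(href) {
  if (typeof href !== "string") return false;
  let url;
  try {
    // The WHATWG parser strips leading/trailing C0 controls and spaces,
    // removes embedded tabs/newlines and lowercases the scheme, so
    // "\tJaVaScRiPt:alert(1)" and "java\nscript:alert(1)" both end up
    // with protocol "javascript:" and are rejected below.
    url = new URL(href, BASE_URL);
  } catch {
    return false; // unparseable input is never a link
  }
  return SAFE_SCHEMES.has(url.protocol);
}

function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Returns anchor markup for an allowed link; for a rejected href the label is
// kept as plain escaped text and the link is dropped rather than "fixed up".
function renderLink(href, text) {
  if (!isSafeLinkHref(href)) return escapeHtml(text);
  return `<a href="${escapeHtml(href.trim())}" rel="noopener noreferrer">${escapeHtml(text)}</a>`;
}

// Constructed sample inputs, as a diagram's link dialog might receive them.
const SAMPLES = [
  "https://example.com/docs",
  "asdf://test.com",
  "javascript:alert(1)",
  "\tJaVaScRiPt:alert(1)",
  "data:text/html,<script>alert(1)</script>",
];
for (const s of SAMPLES) {
  console.log(JSON.stringify(s), "->", isSafeLinkHref(s) ? "allowed" : "rejected");
}
```

Rejecting rather than rewriting the link keeps the behaviour predictable: a label whose href was stripped is still visible to the user, but nothing the attacker controls reaches an attribute that the browser will dereference.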
David Benson validated this vulnerability a year ago
Joao Vitor Maia has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
David Benson gave praise a year ago
Thank you for correctly scoring the fix initially. There's many attempts to simply score everything as critical, we do remember when researchers score professionally.
The researcher's credibility has slightly increased as a result of the maintainer's thanks: +1
David Benson marked this as fixed in 18.0.4 with commit 4deece a year ago
The fix bounty has been dropped
This vulnerability will not receive a CVE
Joao Vitor Maia commented a year ago