CVE-2022-3873

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-3873
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-3873.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-3873
Downstream
Published
2022-11-07T00:00:00Z
Modified
2025-12-04T10:35:16.529233Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
Summary
Cross-site Scripting (XSS) - DOM in jgraph/drawio
Details

Cross-site Scripting (XSS) - DOM in GitHub repository jgraph/drawio prior to 20.5.2.

Database specific 
{
    "cna_assigner": "@huntrdev",
    "cwe_ids": [
        "CWE-79"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/3xxx/CVE-2022-3873.json"
}
References

Affected packages

Git / github.com/jgraph/drawio

Affected ranges

Type
GIT
Repo
https://github.com/jgraph/drawio
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
d37894baf125430e85840c2635563b10d1a6523d

Database specific

vanir_signatures

[
    {
        "target": {
            "file": "src/main/java/com/mxgraph/online/EmbedServlet2.java",
            "function": "createEmbedJavaScript"
        },
        "signature_type": "Function",
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2022-3873-2cadd46a",
        "digest": {
            "function_hash": "79086362474153155778611743887495818432",
            "length": 3292.0
        },
        "source": "https://github.com/jgraph/drawio/commit/d37894baf125430e85840c2635563b10d1a6523d"
    },
    {
        "target": {
            "file": "src/main/java/com/mxgraph/online/EmbedServlet2.java"
        },
        "signature_type": "Line",
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2022-3873-7530323c",
        "digest": {
            "line_hashes": [
                "194320623952635297537975950581797134414",
                "1531774041614904290455787695133092035",
                "15406916020798463277768300097326069013",
                "225448726091534690587871208366064057794"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/jgraph/drawio/commit/d37894baf125430e85840c2635563b10d1a6523d"
    }
]