CVE-2023-3973

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-3973

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-3973.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-3973

Published

2023-07-27T14:33:11.271Z

Modified

2026-04-10T04:59:33.643013Z

Severity

9.6 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L CVSS Calculator

Summary

Cross-site Scripting (XSS) - Reflected in jgraph/drawio

Details

Cross-site Scripting (XSS) - Reflected in GitHub repository jgraph/drawio prior to 21.6.3.

Database specific

{
    "cna_assigner": "@huntrdev",
    "cwe_ids": [
        "CWE-79"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/3xxx/CVE-2023-3973.json"
}

References

Affected packages

Git / github.com/jgraph/drawio

Affected ranges

Type: GIT
Repo: https://github.com/jgraph/drawio
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

1db2c2c653aa245d175d30c210239e3946bfcb95

Affected versions

v11.*

v11.1.5

v11.2.0

v11.2.1

v11.2.2

v11.2.4

v11.2.5

v11.2.6

v11.2.7

v11.2.8

v11.2.9

v11.3.0

v11.3.1

v11.3.2

v12.*

v12.0.0

v12.1.0

v12.1.1

v12.1.2

v12.1.3

v12.1.4

v12.1.5

v12.1.6

v12.1.7

v12.1.8

v12.1.9

v12.2.0

v12.2.1

v12.2.2

v12.2.3

v12.2.4

v12.2.7

v12.2.8

v12.2.9

v12.3.0

v12.3.1

v12.3.2

v12.3.3

v12.3.4

v12.3.5

v12.3.6

v12.3.7

v12.3.9

v12.4.0

v12.4.1

v12.4.2

v12.4.3

v12.4.4

v12.4.5

v12.4.6

v12.4.7

v12.4.8

v12.5.0

v12.5.1

v12.5.2

v12.5.3

v12.5.4

v12.5.5

v12.5.7

v12.5.8

v12.6.1

v12.6.3

v12.6.4

v12.6.5

v12.6.7

v12.6.8

v12.7.0

v12.7.1

v12.7.2

v12.7.3

v12.7.4

v12.7.8

v12.7.9

v12.8.0

v12.8.1

v12.8.2

v12.8.3

v12.8.5

v12.8.6

v12.9.1

v12.9.10

v12.9.11

v12.9.12

v12.9.13

v12.9.14

v12.9.2

v12.9.3

v12.9.4

v12.9.5

v12.9.6

v12.9.7

v12.9.8

v12.9.9

v13.*

v13.0.0

v13.0.1

v13.0.2

v13.0.3

v13.0.4

v13.0.6

v13.0.7

v13.0.8

v13.0.9

v13.1.1

v13.1.13

v13.1.14

v13.1.2

v13.1.3

v13.1.4

v13.1.7

v13.1.8

v13.1.9

v13.10.0

v13.10.1

v13.10.2

v13.10.4

v13.10.5

v13.10.6

v13.10.9

v13.11.0

v13.2.0

v13.2.1

v13.2.2

v13.2.3

v13.2.4

v13.2.5

v13.3.0

v13.3.1

v13.3.3

v13.3.4

v13.3.5

v13.3.6

v13.3.7

v13.3.8

v13.3.9

v13.4.0

v13.4.1

v13.4.2

v13.4.3

v13.4.4

v13.4.5

v13.4.6

v13.4.7

v13.4.8

v13.4.9

v13.5.0

v13.5.1

v13.5.2

v13.5.3

v13.5.4

v13.5.5

v13.5.6

v13.5.7

v13.5.8

v13.5.9

v13.6.0

v13.6.1

v13.6.10

v13.6.2

v13.6.3

v13.6.4

v13.6.5

v13.6.6

v13.6.7

v13.6.8

v13.6.9

v13.7.0

v13.7.2

v13.7.3

v13.7.4

v13.7.5

v13.7.6

v13.7.7

v13.7.8

v13.7.9

v13.8.0

v13.8.1

v13.8.2

v13.8.3

v13.8.5

v13.8.6

v13.8.7

v13.8.8

v13.8.9

v13.9.0

v13.9.1

v13.9.4

v13.9.5

v13.9.7

v13.9.8

v13.9.9

v14.*

v14.0.0

v14.0.1

v14.0.2

v14.0.3

v14.0.4

v14.1.0

v14.1.1

v14.1.2

v14.1.3

v14.1.4

v14.1.5

v14.1.7

v14.1.8

v14.1.9

v14.2.2

v14.2.3

v14.2.4

v14.2.5

v14.2.6

v14.2.7

v14.2.8

v14.2.9

v14.3.0

v14.3.1

v14.3.2

v14.4.0

v14.4.2

v14.4.3

v14.4.4

v14.4.5

v14.4.6

v14.4.7

v14.4.8

v14.4.9

v14.5.0

v14.5.1

v14.5.2

v14.5.4

v14.5.5

v14.5.6

v14.5.7

v14.5.9

v14.6.0

v14.6.10

v14.6.13

v14.6.2

v14.6.5

v14.6.6

v14.6.8

v14.6.9

v14.7.0

v14.7.1

v14.7.10

v14.7.2

v14.7.3

v14.7.4

v14.7.5

v14.7.6

v14.7.7

v14.7.8

v14.7.9

v14.8.0

v14.8.2

v14.8.3

v14.8.4

v14.8.5

v14.8.6

v14.9.0

v14.9.1

v14.9.2

v14.9.3

v14.9.4

v14.9.5

v14.9.6

v14.9.7

v14.9.9

v15.*

v15.0.0

v15.0.1

v15.0.2

v15.0.3

v15.0.4

v15.0.5

v15.0.6

v15.1.0

v15.1.1

v15.1.2

v15.1.3

v15.1.4

v15.2.0

v15.2.1

v15.2.2

v15.2.5

v15.2.6

v15.2.7

v15.2.9

v15.3.0

v15.3.1

v15.3.2

v15.3.3

v15.3.4

v15.3.5

v15.3.6

v15.3.7

v15.3.8

v15.4.0

v15.4.1

v15.4.2

v15.4.3

v15.5.0

v15.5.1

v15.5.2

v15.5.4

v15.5.5

v15.5.7

v15.5.8

v15.5.9

v15.6.0

v15.6.1

v15.6.2

v15.6.3

v15.6.4

v15.6.5

v15.6.6

v15.6.8

v15.7.0

v15.7.1

v15.7.2

v15.7.3

v15.7.4

v15.8.0

v15.8.1

v15.8.3

v15.8.4

v15.8.5

v15.8.6

v15.8.7

v15.8.8

v15.8.9

v15.9.1

v15.9.3

v15.9.4

v15.9.5

v15.9.6

v16.*

v16.0.0

v16.0.2

v16.0.3

v16.1.0

v16.1.2

v16.1.3

v16.1.4

v16.2.1

v16.2.2

v16.2.3

v16.2.4

v16.2.6

v16.2.7

v16.3.0

v16.4.0

v16.4.11

v16.4.3

v16.4.5

v16.4.7

v16.4.8

v16.5.1

v16.5.2

v16.5.3

v16.5.4

v16.5.6

v16.6.0

v16.6.1

v16.6.2

v16.6.3

v16.6.4

v16.6.5

v16.6.6

v16.6.7

v16.6.8

v17.*

v17.0.0

v17.1.0

v17.1.1

v17.1.2

v17.1.3

v17.1.4

v17.1.5

v17.2.1

v17.2.2

v17.2.3

v17.2.4

v17.2.5

v17.3.0

v17.4.0

v17.4.1

v17.4.2

v17.4.3

v17.5.1

v18.*

v18.0.0

v18.0.1

v18.0.2

v18.0.3

v18.0.4

v18.0.5

v18.0.6

v18.0.7

v18.0.8

v18.1.1

v18.1.2

v18.1.3

v18.2.0

v18.2.1

v19.*

v19.0.0

v19.0.1

v19.0.2

v19.0.3

v20.*

v20.0.0

v20.0.1

v20.0.2

v20.0.3

v20.0.4

v20.1.1

v20.1.4

v20.2.0

v20.2.1

v20.2.3

v20.2.5

v20.2.6

v20.2.7

v20.2.8

v20.3.1

v20.3.3

v20.3.5

v20.3.6

v20.3.7

v20.4.0

v20.4.2

v20.5.0

v20.5.2

v20.5.3

v20.6.0

v20.6.1

v20.6.2

v20.7.2

v20.7.3

v20.7.4

v20.8.0

v20.8.1

v20.8.10

v20.8.11

v20.8.13

v20.8.14

v20.8.15

v20.8.16

v20.8.17

v20.8.18

v20.8.19

v20.8.2

v20.8.20

v20.8.23

v20.8.24

v20.8.3

v20.8.4

v20.8.5

v20.8.6

v20.8.7

v20.8.8

v20.8.9

v21.*

v21.0.1

v21.0.2

v21.0.7

v21.1.0

v21.1.1

v21.1.2

v21.1.4

v21.1.6

v21.1.8

v21.1.9

v21.2.1

v21.2.7

v21.2.8

v21.2.9

v21.3.0

v21.3.1

v21.3.3

v21.3.4

v21.3.5

v21.3.7

v21.3.8

v21.4.0

v21.4.1

v21.5.0

v21.5.1

v21.5.2

v21.6.1

v21.6.2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-3973.json"