diagram-js@2.5.0 vulnerabilities
A toolbox for displaying and modifying diagrams on the web
-
latest version
15.2.3
-
latest non vulnerable version
-
first published
11 years ago
-
latest version published
5 days ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the diagram-js package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
diagram-js is a framework for modifying diagrams in browser. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). Pasting HTML text anywhere that allows text input in the modeler evaluates the HTML as is. It can be exploited by adding a new element on the canvas and editing the name to contain html. For example, How to fix Cross-site Scripting (XSS)? Upgrade |
<2.6.2
>=3.0.0 <3.3.1
|