15.2.3
10 years ago
24 days ago
Known vulnerabilities in the diagram-js package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
diagram-js is a framework for modifying diagrams in the browser. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). Pasting HTML text anywhere that allows text input in the modeler evaluates the HTML as is. It can be exploited by adding a new element on the canvas and editing the name to contain HTML. For example, How to fix Cross-site Scripting (XSS)? Upgrade | <2.6.2, >=3.0.0 <3.3.1 |