Vulnerability CVE-2023-3973
Published: 2023-07-27

Description:
Cross-site Scripting (XSS) - Reflected in GitHub repository jgraph/drawio prior to 21.6.3.

Type:

CWE-79

 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

 References:
https://github.com/jgraph/drawio/commit/1db2c2c653aa245d175d30c210239e3946bfcb95
https://huntr.dev/bounties/4c1c5db5-210f-4d7e-8380-b95f88fdb78d
Copyright 2026, cxsecurity.com

 

Back to Top