PT-2020-21153 · Bpmn Io · Diagram-Js

Published: 2020-09-11 · Updated: 2020-09-11


No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions

diagram-js versions prior to 3.3.1
diagram-js versions prior to 2.6.2

Description

The search-pad fails to escape user-controlled input when it renders output, which allows attackers to execute arbitrary JavaScript and can lead to Cross-Site Scripting.

Recommendations

If you are using diagram-js 3.x, upgrade to version 3.3.1. If you are using diagram-js 2.x, upgrade to version 2.6.2.
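
The class of bug described above, as an added illustration that is not diagram-js source code: a search result renderer that highlights the matched part of a label, shown unescaped and then hardened. All function names and the sample labels are hypothetical and constructed for this example.

```javascript
// Added illustration; hypothetical helpers, not diagram-js code.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Split a raw label into matched / unmatched tokens (case-insensitive).
// The query is regex-escaped so it is treated as a literal string.
function tokenize(label, query) {
  if (!query) return [{ text: label, matched: false }];
  const literal = query.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
  return label.split(new RegExp('(' + literal + ')', 'gi'))
    .map((text, i) => ({ text, matched: i % 2 === 1 })) // odd index = captured match
    .filter((t) => t.text !== '');
}

// Unsafe: token text is concatenated into markup as-is, so any markup
// in a user-controlled label becomes part of the page.
function renderUnescaped(tokens) {
  return tokens
    .map((t) => (t.matched ? '<strong>' + t.text + '</strong>' : t.text))
    .join('');
}

// Hardened: tokenize the RAW label first, then escape every token.
// Only the <strong> wrapper is markup. Escaping before tokenizing would
// let a query such as "amp" match inside the entity "&amp;".
function renderEscaped(tokens) {
  return tokens
    .map((t) => (t.matched ? '<strong>' + escapeHtml(t.text) + '</strong>' : escapeHtml(t.text)))
    .join('');
}

// Constructed sample label containing markup, as a user could name an element.
const SAMPLE_LABEL = 'Review <img src=x onerror="alert(1)"> task';

console.log(renderUnescaped(tokenize(SAMPLE_LABEL, 'task')));
console.log(renderEscaped(tokenize(SAMPLE_LABEL, 'task')));
```

The hardened output is safe to assign as HTML; where no highlighting is needed, assigning the label through `textContent` avoids building markup at all.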

XSS


Weakness Enumeration

Related Identifiers

GHSA-8FW4-XH83-3J6Q

Affected Products

Diagram-Js