We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? # to your account
Versions of draw.io prior to 18.0.0 are susceptible to the stored XSS attack described at https://huntr.dev/bounties/033d3423-eb05-4b53-a747-1bfcba873127/ if they do not have an appropriate CSP to block unsafe-inline script.
I don't know if this project bundles draw.io, but if it does I would test against the test case and update to 18.0.0 is found to be susceptible.
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Versions of draw.io prior to 18.0.0 are susceptible to the stored XSS attack described at https://huntr.dev/bounties/033d3423-eb05-4b53-a747-1bfcba873127/ if they do not have an appropriate CSP to block unsafe-inline script.
I don't know if this project bundles draw.io, but if it does I would test against the test case and update to 18.0.0 is found to be susceptible.
The text was updated successfully, but these errors were encountered: