CVE-2019-13127: Cross-site Scripting
An issue was discovered in mxGraph related to the draw.io Diagrams plugin for Confluence and other products. Improper input validation/sanitization of a color field leads to XSS. This is associated with javascript/examples/grapheditor/www/js/Dialogs.js.
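The class of fix for an unsanitized color field is allowlist validation followed by output encoding. The block below is an added example, not mxGraph or draw.io code and not the project's actual patch; `sanitizeColor`, `escapeHtml`, `renderSwatch`, the accepted color forms and the sample inputs are all assumptions made for illustration.

```javascript
// Added example (not mxGraph code): validate a user-supplied color value
// against an allowlist before it is placed into markup or a style attribute.

// Accepted forms (an assumption for this example): #rgb, #rrggbb, or a purely
// alphabetic CSS color name such as "red". Anything else is rejected.
const HEX_COLOR = /^#(?:[0-9a-f]{3}|[0-9a-f]{6})$/i;
const NAMED_COLOR = /^[a-z]{3,20}$/i;

function sanitizeColor(input, fallback = 'transparent') {
  if (typeof input !== 'string') return fallback;
  const value = input.trim();
  if (HEX_COLOR.test(value) || NAMED_COLOR.test(value)) {
    return value.toLowerCase();
  }
  // Quotes, angle brackets, parentheses, semicolons, etc. never match the
  // allowlist, so the value is replaced rather than "cleaned up".
  return fallback;
}

// Output encoding as a second layer, in case a caller skips validation.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (c) => map[c]);
}

// Hypothetical consumer: builds a color swatch from the validated value.
function renderSwatch(userColor) {
  const color = escapeHtml(sanitizeColor(userColor));
  return '<span class="swatch" style="background-color:' + color +
    '" title="' + color + '"></span>';
}

// Constructed sample inputs: two well-formed colors and one value that
// carries markup where a color is expected.
const samples = ['#FFF', ' #A1b2C3 ', '#fff"><b>injected</b>'];
for (const s of samples) {
  console.log(JSON.stringify(s), '->', renderSwatch(s));
}
```

Rejecting and substituting a fallback, rather than stripping characters from the input, keeps the validator from being bypassed by inputs that only become dangerous after partial removal.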