VYPR
Unrated severityNVD Advisory· Published Apr 15, 2022· Updated Aug 2, 2024

XSS via Embedded SVG in SVG Diagram Format in plantuml/plantuml

CVE-2022-1231

Description

XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml prior to 1.2022.4. Stored XSS in the context of the diagram embedder. Depending on the actual context, this ranges from stealing secrets to account hijacking or even to code execution for example in desktop applications. Web based applications are the ones most affected. Since the SVG format allows clickable links in diagrams, it is commonly used in plugins for web based projects (like the Confluence plugin, etc. see https://plantuml.com/de/running).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Plantuml/Plantumlllm-fuzzy2 versions
    <1.2022.4+ 1 more
    • (no CPE)range: <1.2022.4
    • (no CPE)range: unspecified

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.