
CVE-2023-3973: 21.6.3 release · jgraph/drawio@1db2c2c

Cross-site Scripting (XSS) - Reflected in GitHub repository jgraph/drawio prior to 21.6.3.


Expand Up @@ -11876,7 +11876,6 @@ { Editor.currentTheme = value; this.themeSwitching = true; var scrollState = this.saveScrollState();
mxUtils.setPrefixedStyle(this.container.style, 'transition’, 'all ' + delay + ‘ms ease-in-out’); Expand All @@ -11888,6 +11887,7 @@
window.setTimeout(mxUtils.bind(this, function() { var scrollState = this.saveScrollState(); this.editor.graph.stopEditing(false); this.container.style.opacity = '0’;
Expand Down Expand Up @@ -11953,6 +11953,44 @@ return noRestart; };
/** * Saves scroll position */ EditorUi.prototype.saveScrollState = function() { var t = this.editor.graph.view.translate; var x = this.diagramContainer.scrollLeft; var y = this.diagramContainer.scrollTop;
if (this.embedViewport != null) { if (!Editor.inlineFullscreen) { x += this.embedViewport.x; y += this.embedViewport.y; } else { x -= this.embedViewport.x; y -= this.embedViewport.y; } }
return {x: x, y: y, tx: t.x, ty: t.y}; };
/** * Dynamic change of dark mode. */ EditorUi.prototype.restoreScrollState = function(state) { var s = this.editor.graph.view.scale; var t = this.editor.graph.view.translate;
this.diagramContainer.scrollLeft = state.x + (t.x - state.tx) * s; this.diagramContainer.scrollTop = state.y + (t.y - state.ty) * s; };
/** * Overrides image dialog to add image search and Google+. */ Expand Down Expand Up @@ -14180,46 +14218,6 @@ } };
/** * Saves scroll position */ EditorUi.prototype.saveScrollState = function() { var t = this.editor.graph.view.translate; var off = mxUtils.getOffset(this.diagramContainer); var x = this.diagramContainer.scrollLeft - off.x; var y = this.diagramContainer.scrollTop - off.y;
if (this.embedViewport != null) { if (!Editor.inlineFullscreen) { x += this.embedViewport.x; y += this.embedViewport.y; } else { x -= this.embedViewport.x; y -= this.embedViewport.y; } }
return {x: x, y: y, tx: t.x, ty: t.y}; };
/** * Dynamic change of dark mode. */ EditorUi.prototype.restoreScrollState = function(state) { var s = this.editor.graph.view.scale; var t = this.editor.graph.view.translate; var off = mxUtils.getOffset(this.diagramContainer);
this.diagramContainer.scrollLeft = state.x + off.x + (t.x - state.tx) * s; this.diagramContainer.scrollTop = state.y + off.y + (t.y - state.ty) * s; };
/** * Dynamic change of dark mode. */ Expand Down
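Review bot: The doc comment on the relocated `restoreScrollState` still reads "Dynamic change of dark mode.", which describes the neighbouring theme-switch code rather than this function; it should say something like `Restores the scroll position captured by saveScrollState.` Judging by the hunk counts (38 lines added at 11953, 40 removed at 14180), the new copies drop the `mxUtils.getOffset(this.diagramContainer)` term from both save and restore, so a short comment that the two functions must stay symmetric would help the next editor. None of the lines visible in this section handle request parameters or write HTML, so the reflected-XSS fix named in the headline is presumably in another file of the 21.6.3 release commit and should be confirmed against the full diff before these hunks are treated as the remediation.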
