Security Vulnerability "XSS via Embedded SVG" (CVE-2022-1231)

Owned by Michael Griffel
11.05.2022

XSS via Embedded SVG in SVG Diagram Format in plugin release up to 6.60. Stored XSS in the context of the diagram embedder. Depending on the actual context, this ranges from stealing secrets to account hijacking or even to code execution for example in desktop applications..

https://nvd.nist.gov/vuln/detail/CVE-2022-1231

https://avono-support.atlassian.net/browse/PUML-635

This vulnerability was fixed in release 6.61.