cvedb.io
CVE-2022-1231
MEDIUM · CVSS 6.1
EPSS exploitation probability: 0%
Published 2022-04-15T15:15:12.133 · Last modified 2026-06-17T04:22:03.487

Summary

XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml prior to 1.2022.4. Stored XSS in the context of the diagram embedder. Depending on the actual context, this ranges from stealing secrets to account hijacking or even to code execution, for example in desktop applications. Web-based applications are the ones most affected. Since the SVG format allows clickable links in diagrams, it is commonly used in plugins for web-based projects (such as the Confluence plugin; see https://plantuml.com/de/running).

Affected products

plantuml — plantuml


This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.