Plantuml

1 CVEs product

Monthly

CVE-2026-0858 MEDIUM PATCH This Month

PlantUML versions before 1.2026.0 fail to properly sanitize interactive attributes in GraphViz diagrams, allowing attackers to inject malicious JavaScript into SVG output through crafted diagram files. Applications that render these SVGs are vulnerable to arbitrary script execution within the user's browser context. A patch is available to address this stored XSS vulnerability.

Tags: XSS, Plantuml, Redhat, Suse
References: NVD, GitHub
CVSS 3.1: 6.1
EPSS: 0.0%
