Browse all 3 CVE security advisories affecting Gliffy. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Gliffy serves as a web-based diagramming tool primarily used for creating flowcharts, UML diagrams, and other visual documentation. Historically, the platform has been susceptible to cross-site scripting (XSS) vulnerabilities and remote code execution flaws, often stemming from improper input validation and insufficient sanitization of user-supplied data. While no major public security incidents have been widely reported, the three documented CVEs highlight persistent risks in web application security, particularly around injection-based attacks and inadequate access controls. These vulnerabilities could potentially allow attackers to execute arbitrary code, manipulate sessions, or escalate privileges within the application environment.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-5174 | Broken Authentication in Gliffy — Gliffy Online (CWE-287) | 6.8 | - | 2025-02-24 |
| CVE-2024-7141 | CSRF in Gliffy — Gliffy Online (CWE-352) | 8.8 | - | 2025-02-20 |
| CVE-2024-10315 | Insecure Configuration in Gliffy Online — Gliffy Online (CWE-942) | 9.4 (AI) | Critical (AI) | 2024-11-11 |
This page lists every published CVE security advisory associated with Gliffy. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.