GitHub Advisory DatabaseGHSA-VH59-V9R5-4MH4Cross-site scripting in jspdf
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
49.7%
Affected versions of this package are vulnerable to Cross-site Scripting (XSS). It’s possible to inject JavaScript code via the html method.
References
github.com/advisories/GHSA-vh59-v9r5-4mh4
github.com/MrRio/jsPDF/issues/2795
github.com/parallax/jsPDF/issues/2862
github.com/parallax/jsPDF/issues/2971
github.com/parallax/jsPDF/pull/2806
nvd.nist.gov/vuln/detail/CVE-2020-7690
snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-575260
snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-575258
snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBMRRIO-575259
snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-575257
snyk.io/vuln/SNYK-JS-JSPDF-575256
Related
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
49.7%