Lucene search

GoogleOSV:GHSA-99FG-2H75-M92H

HistoryAug 28, 2023 - 6:30 p.m.

Spipu HTML2PDF vulnerable to cross-site scripting

2023-08-2818:30:53

Google

osv.dev

cross site scripting

spipu html2pdf

forms.php

remote attacker

arbitrary code

vulnerable

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

48.7%

JSON

Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 allows a remote attacker to execute arbitrary code via a crafted script to the forms.php.

CPENameOperatorVersion
spipu/html2pdfeq4.5.1
spipu/html2pdfeq4.6.0
spipu/html2pdfeq4.4.0
spipu/html2pdfeq4.6.1
spipu/html2pdfeq5.2.2
spipu/html2pdfeq5.1.0
spipu/html2pdfeq5.0.1
spipu/html2pdfeq5.2.0
spipu/html2pdfeq5.2.1
spipu/html2pdfeq5.2.6

Name	Operator	Version
spipu/html2pdf	eq	4.5.1
spipu/html2pdf	eq	4.6.0
spipu/html2pdf	eq	4.4.0
spipu/html2pdf	eq	4.6.1
spipu/html2pdf	eq	5.2.2
spipu/html2pdf	eq	5.1.0
spipu/html2pdf	eq	5.0.1
spipu/html2pdf	eq	5.2.0
spipu/html2pdf	eq	5.2.1
spipu/html2pdf	eq	5.2.6

Rows per page:

1-10 of 161

References

github.com/afine-com/CVE-2023-39062

github.com/sectroyer/CVEs/tree/main/CVE-2023-39062

github.com/spipu/html2pdf

github.com/spipu/html2pdf/blob/92afd81823d62ad95eb9d034858311bb63aeb4ac/CHANGELOG.md

github.com/spipu/html2pdf/commit/92afd81823d62ad95eb9d034858311bb63aeb4ac

nvd.nist.gov/vuln/detail/CVE-2023-39062

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

48.7%

JSON

Related for OSV:GHSA-99FG-2H75-M92H