Code injection

2021-09-1513:15:00

PRIOn knowledge base

www.prio-n.com

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.9%

JSON

PDFTron’s WebViewer UI 8.0 or below renders dangerous URLs as hyperlinks in supported documents, including JavaScript URLs, allowing the execution of arbitrary JavaScript code.

CPENameOperatorVersion
webviewer_uile8.0

CPE	Name	Operator	Version
	webviewer_ui	le	8.0

References

research.nccgroup.com/2021/09/14/technical-advisory-pdftron-javascript-urls-allowed-in-webviewer-ui-cve-2021-39307/

www.pdftron.com/webviewer/