324 matches found
CVE-2021-43691
tripexpress v1.1 is affected by a path manipulation vulnerability in file system/helpers/dompdf/load_font.php. The variable src is coming from $_SERVER["argv"] then there is a path manipulation vulnerability...
Path traversal
tripexpress v1.1 is affected by a path manipulation vulnerability in file system/helpers/dompdf/load_font.php. The variable src is coming from $_SERVER["argv"] then there is a path manipulation vulnerability...
CVE-2021-43691
Tripexpress v1.1 is affected by a path traversal vulnerability in file system/helpers/dompdf/load_font.php. The issue arises because the variable src is assigned from $_SERVER["argv"] (src coming from argv) and is not properly validated, enabling path manipulation. No remediation or patch details...
in dompdf/dompdf
Description Improper restriction of external entities (XXE) in DomPDF's SVG parser allows it to perform an SSRF even if isRemoteEnabled set to false or even cause a deserialization attack in the SVG parser this time. Proof of Concept Payload 1 - SSRF only allow_url_fopen required This embeds Google...
in bookstackapp/bookstack
Description The dompdf chroot option in Bookstack App is set to basepath, which is the Laravel root folder /var/www/bookstack. An attacker can hence load any image file in the Laravel folder /var/www/bookstack or its subdirectories via PDF exports. Proof of Concept 1: Place an image file in...
CVE-2021-40925
Cross-site scripting (XSS) vulnerability in dompdf/dompdf/www/demo.php infaveo-helpdesk v1.11.0 and below allow remote attackers to inject arbitrary web script or HTML via the $_SERVER["PHP_SELF"] parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in dompdf/dompdf/www/demo.php infaveo-helpdesk v1.11.0 and below allow remote attackers to inject arbitrary web script or HTML via the $_SERVER["PHP_SELF"] parameter...
CVE-2021-40925
CVE-2021-40925 is an XSS vulnerability in dompdf/dompdf/www/demo.php used by infaveo-helpdesk v1.11.0 and earlier. The issue arises from reflecting the $_SERVER["PHP_SELF"] parameter, enabling remote attackers to inject arbitrary script/HTML. Affected component: demo.php in the dompdf/dompdf pack...
in dompdf/dompdf
Description The Scenario 3 you described in this report https://huntr.dev/bounties/0bdddc12-ff67-4815-ab9f-6011a974f48e/ actually opens up the ability to bypass chroot checks. Proof of Concept 1: Make sure you install Dompdf from GitHub https://github.com/dompdf/dompdf/ and include the following...
in dompdf/dompdf
Description DomPDF is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the file_get_contents function. If an attacker can upload files of any type to the server he can pass in the phar:// protocol to unserialize the uploaded file and instantiate...
Server-Side Request Forgery (SSRF) in bookstackapp/bookstack
✍️ Description User with "Editor" rights can create a special book page containing tag with "src" property pointing to any external or internal resource. Exporting this page using default domPdf will result in firing request from server side. 🕵️♂️ Proof of Concept Updating page with malicious...
CVE-2020-36115
Stored Cross Site Scripting (XSS) vulnerability in EGavilan Media CRUD Operation with PHP, MySQL, Bootstrap, and Dompdf via First Name or Last Name parameter in the 'Add New Record Feature'...
Cross site scripting
Stored Cross Site Scripting (XSS) vulnerability in EGavilan Media CRUD Operation with PHP, MySQL, Bootstrap, and Dompdf via First Name or Last Name parameter in the 'Add New Record Feature'...
CVE-2020-36115
CVE-2020-36115 affects the EGavilan Media CRUD Operation (PHP/MySQL/Bootstrap/Dompdf) where the First Name or Last Name field in the Add New Record feature allows Stored XSS. The vulnerability is described as a Stored Cross Site Scripting (XSS) via input fields, with no explicit exploit details o...
EgavilanMedia PHPCRUD 1.0 - 'Full Name' Stored Cross Site Scripting
Exploit Title: EgavilanMedia PHPCRUD 1.0 - 'Full Name' Stored Cross Site Scripting Exploit Author: Mahendra Purbia Vendor Homepage: http://egavilanmedia.com Software Link: https://egavilanmedia.com/crud-operation-with-php-mysql-bootstrap-and-dompdf/ Version: 1.0 Tested on: Windows 10 Vulnerable...