Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2026/02/19 7:35 p.m.5 views

CVE-2026-25755

A flaw was found in jsPDF. The addJS method accepts user input without proper sanitization, allowing an attacker to inject arbitrary PDF objects into the document. A specially crafted payload that escapes the JavaScript string delimiter can execute malicious actions or alter the document structur...

9.6CVSS6.4AI score0.00817EPSS
Exploits2References7
OSV
OSV
added 2026/02/19 7:32 p.m.7 views

GHSA-9VJF-QC39-JPRP jsPDF has a PDF Object Injection via Unsanitized Input in addJS Method

Impact User control of the argument of the addJS method allows an attacker to inject arbitrary PDF objects into the generated document. By crafting a payload that escapes the JavaScript string delimiter, an attacker can execute malicious actions or alter the document structure, impacting any user...

8.1CVSS5.9AI score0.00817EPSS
Exploits2References6
Github Security Blog
Github Security Blog
added 2026/02/19 7:32 p.m.9 views

jsPDF has a PDF Object Injection via Unsanitized Input in addJS Method

Impact User control of the argument of the addJS method allows an attacker to inject arbitrary PDF objects into the generated document. By crafting a payload that escapes the JavaScript string delimiter, an attacker can execute malicious actions or alter the document structure, impacting any user...

9.6CVSS5.9AI score0.00817EPSS
Exploits2References6Affected Software1
NVD
NVD
added 2026/02/19 3:16 p.m.8 views

CVE-2026-25755

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the argument of the addJS method allows an attacker to inject arbitrary PDF objects into the generated document. By crafting a payload that escapes the JavaScript string delimiter, an attacker can execute malicious...

9.6CVSS0.00817EPSS
Exploits2References9
OSV
OSV
added 2026/02/19 2:41 p.m.9 views

CVE-2026-25755 jsPDF has PDF Object Injection via Unsanitized Input in addJS Method

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the argument of the addJS method allows an attacker to inject arbitrary PDF objects into the generated document. By crafting a payload that escapes the JavaScript string delimiter, an attacker can execute malicious...

8.1CVSS5.9AI score0.00817EPSS
Exploits2References11
Cvelist
Cvelist
added 2026/02/19 2:41 p.m.30 views

CVE-2026-25755 jsPDF has PDF Object Injection via Unsanitized Input in addJS Method

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the argument of the addJS method allows an attacker to inject arbitrary PDF objects into the generated document. By crafting a payload that escapes the JavaScript string delimiter, an attacker can execute malicious...

8.1CVSS0.00817EPSS
Exploits2References4
CVE
CVE
added 2026/02/19 2:41 p.m.31 views

CVE-2026-25755

jsPDF before version 4.2.0 is vulnerable in the addJS method: user-controlled argument can inject arbitrary PDF objects by escaping the JavaScript string delimiter, potentially executing actions or altering the document when opened. The issue is fixed in [email protected] (and newer 4.2.1 per IBM bulle...

9.6CVSS5.9AI score0.00817EPSS
Exploits2References9Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.7 views

PT-2026-20850

Name of the Vulnerable Software and Affected Versions jsPDF versions prior to 4.2.0 Description jsPDF is a JavaScript library used to generate PDF documents. A flaw exists where user-controlled input to the addJS method allows an attacker to inject arbitrary PDF objects into generated documents. ...

10CVSS6.1AI score0.00817EPSS
Exploits2References22
Rows per page
Query Builder