Cross-site Scripting (XSS)
Overview jspdf is a PDF Document creation from JavaScript Affected versions of this package are vulnerable to Cross-site Scripting XSS. It's possible to inject JavaScript code via the html method. PoC var doc = new jsPDF; window.html2canvas = html2canvas; let html = a ; doc.htmlhtml, callback:...