Lucene search
K

113 matches found

OSV
OSV
added 2021/08/26 11:15 a.m.12 views

CVE-2020-14161

It is possible to inject HTML and/or JavaScript in the HTML to PDF conversion in Gotenberg through 6.2.1 via the /convert/html endpoint...

6.1CVSS6.6AI score0.00902EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/02/26 12:0 a.m.7 views

Julien Neuhart gotenberg Code Issues Vulnerabilities

Julien Neuhart gotenberg is Julien Neuhart open source an application interface. Used to convert HTML, Markdown and Office documents to PDF. gotenberg has a security vulnerability , the vulnerability stems from the vulnerability to attacks through the /convert/html endpoint forged server-side...

5.3CVSS6AI score0.01053EPSS
Exploits1References3
OSV
OSV
added 2020/11/06 6:6 p.m.2 views

GHSA-6H7F-QWQM-35PP Arbitrary File Read in phantom-html-to-pdf

This affects the package phantom-html-to-pdf before 0.6.1. PoC js var fs = require'fs' var conversion = require"phantom-html-to-pdf"; conversion.allowLocalFilesAccess = false conversion html: "document.writewindow.location='c:/windows/win.ini'" , functionerr, pdf var output =...

7.5CVSS5.8AI score0.01598EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2020/11/06 6:6 p.m.50 views

Arbitrary File Read in phantom-html-to-pdf

This affects the package phantom-html-to-pdf before 0.6.1. PoC js var fs = require'fs' var conversion = require"phantom-html-to-pdf"; conversion.allowLocalFilesAccess = false conversion html: "document.writewindow.location='c:/windows/win.ini'" , functionerr, pdf var output =...

7.5CVSS7.3AI score0.01598EPSS
Exploits1References5Affected Software1
Veracode
Veracode
added 2020/11/06 6:44 a.m.28 views

Arbitrary File Read

phantom-html-to-pdf is vulnerable to arbitrary file read. An attacker is able to gain access and read arbitrary files on the host by specifying the file path...

7.5CVSS2.7AI score0.01598EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2020/11/05 2:15 p.m.12 views

CVE-2020-7763

This affects the package phantom-html-to-pdf before 0.6.1...

7.5CVSS7.5AI score0.01598EPSS
Exploits1References2
OSV
OSV
added 2020/11/05 2:15 p.m.19 views

CVE-2020-7763

This affects the package phantom-html-to-pdf before 0.6.1...

7.5CVSS6.8AI score
Exploits0References2
Prion
Prion
added 2020/11/05 2:15 p.m.12 views

Design/Logic Flaw

This affects the package phantom-html-to-pdf before 0.6.1...

5CVSS7.5AI score0.01598EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2020/11/05 1:25 p.m.19 views

CVE-2020-7763 Arbitrary File Read

This affects the package phantom-html-to-pdf before 0.6.1...

7.5CVSS7.5AI score0.01598EPSS
Exploits1References2
CVE
CVE
added 2020/11/05 1:25 p.m.57 views

CVE-2020-7763

CVE-2020-7763 affects the npm package phantom-html-to-pdf and is an arbitrary file read vulnerability present in versions before 0.6.1. The weakness is demonstrated by a PoC (in the GitHub advisory and Snyk reference) that bypasses file access restrictions to read local host files (e.g., using wi...

7.5CVSS7.5AI score0.01598EPSS
Exploits1References2Affected Software1
vulnersOsv
vulnersOsv
added 2020/10/29 9:26 a.m.3 views

@dfeidao/server (>=4.5.201902251314 <=4.6.201910181238), @fabrix/spool-pdf (>=1.5.0 <=1.5.0-alpha.1) +23 more potentially affected by CVE-2020-7763 via phantom-html-to-pdf (>=0.1.2 <=0.6.0)

phantom-html-to-pdf NPM version =0.1.2, =4.5.201902251314, =1.5.0, =5.0.201901071713, =5.0.201812141540, =1.0.1-server20190117165116, =1.0.201901260938, =2.0.0, =1.0.202005312012, =1.0.3, =0.1.0, =0.4.0, =1.0.1, =1.0.3 - jsreport-fop-xsl-pdf =1.0.4 and more Source cves: CVE-2020-7763 Source...

7.5CVSS7.1AI score0.01598EPSS
Exploits1
Snyk
Snyk
added 2020/09/03 10:48 p.m.5 views

Server-Side Request Forgery (SSRF)

Overview node-pdf-generator is a Web server to generate PDF's from HTML Affected versions of this package are vulnerable to Server-Side Request Forgery SSRF. Due to lack of user input validation and sanitization done to the content given to node-pdf-generator, it is possible for an attacker to...

8.2CVSS6.7AI score0.02044EPSS
Exploits0References2
Huntr
Huntr
added 2020/08/17 12:0 a.m.25 views

Path Traversal in marcbachmann/node-html-pdf

Overview html-pdf is a Html to pdf converter in Node.js, this package is vulnerable to Arbitrary File Read. The package fails to sanitize the HTML input, allowing attackers to exfiltrate server files by supplying malicious HTML code. XHR requests in the HTML code are executed by the server. Input...

4.1AI score
Exploits0References1
NVD
NVD
added 2020/02/14 6:15 p.m.28 views

CVE-2020-8853

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS7.8AI score0.06004EPSS
Exploits0References2
OSV
OSV
added 2020/02/14 6:15 p.m.4 views

CVE-2020-8853

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS7.5AI score0.06004EPSS
Exploits0References2
Prion
Prion
added 2020/02/14 6:15 p.m.14 views

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

6.8CVSS7.8AI score0.06004EPSS
Exploits0References2Affected Software2
CNVD
CNVD
added 2020/02/14 12:0 a.m.2 views

Foxit PhantomPDF Out-of-Bounds Write Remote Code Execution Vulnerability (CNVD-2020-10626)

PhantomPDF is a Chinese Foxit Foxit company for enterprise-level users of PDF document processing software. An out-of-bounds write remote code execution vulnerability exists in Foxit PhantomPDF 9.7.0.29455 and earlier versions when converting HTML files to PDF. The vulnerability stems from a lack...

7.8CVSS8.2AI score0.06004EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/02/13 10:20 p.m.29 views

CVE-2020-8853

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS7.8AI score0.06004EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/02/06 12:0 a.m.30 views

Foxit PhantomPDF < 9.7.1 Multiple Vulnerabilities

According to its version, the Foxit PhantomPDF application formally known as Phantom installed on the remote Windows host is prior to 9.7.1. It is, therefore, affected by multiple vulnerabilities: - A use-after-free error exists related to handling watermarks, AcroForm objects, text fields, or...

8.8CVSS8.6AI score0.03485EPSS
Exploits4References5
Tenable Nessus
Tenable Nessus
added 2020/02/06 12:0 a.m.29 views

Foxit Reader < 9.7.1 Multiple Vulnerabilities

According to its version, the Foxit Reader application formally known as Phantom installed on the remote Windows host is prior to 9.7.1. It is, therefore, affected by multiple vulnerabilities: - A use-after-free error exists related to handling watermarks, AcroForm objects, text fields, or...

8.8CVSS7.7AI score0.03485EPSS
Exploits4References5
Rows per page
Query Builder