113 matches found
CVE-2020-14161
It is possible to inject HTML and/or JavaScript in the HTML to PDF conversion in Gotenberg through 6.2.1 via the /convert/html endpoint...
Julien Neuhart gotenberg Code Issues Vulnerabilities
Julien Neuhart gotenberg is Julien Neuhart open source an application interface. Used to convert HTML, Markdown and Office documents to PDF. gotenberg has a security vulnerability , the vulnerability stems from the vulnerability to attacks through the /convert/html endpoint forged server-side...
GHSA-6H7F-QWQM-35PP Arbitrary File Read in phantom-html-to-pdf
This affects the package phantom-html-to-pdf before 0.6.1. PoC js var fs = require'fs' var conversion = require"phantom-html-to-pdf"; conversion.allowLocalFilesAccess = false conversion html: "document.writewindow.location='c:/windows/win.ini'" , functionerr, pdf var output =...
Arbitrary File Read in phantom-html-to-pdf
This affects the package phantom-html-to-pdf before 0.6.1. PoC js var fs = require'fs' var conversion = require"phantom-html-to-pdf"; conversion.allowLocalFilesAccess = false conversion html: "document.writewindow.location='c:/windows/win.ini'" , functionerr, pdf var output =...
Arbitrary File Read
phantom-html-to-pdf is vulnerable to arbitrary file read. An attacker is able to gain access and read arbitrary files on the host by specifying the file path...
CVE-2020-7763
This affects the package phantom-html-to-pdf before 0.6.1...
CVE-2020-7763
This affects the package phantom-html-to-pdf before 0.6.1...
Design/Logic Flaw
This affects the package phantom-html-to-pdf before 0.6.1...
CVE-2020-7763 Arbitrary File Read
This affects the package phantom-html-to-pdf before 0.6.1...
CVE-2020-7763
CVE-2020-7763 affects the npm package phantom-html-to-pdf and is an arbitrary file read vulnerability present in versions before 0.6.1. The weakness is demonstrated by a PoC (in the GitHub advisory and Snyk reference) that bypasses file access restrictions to read local host files (e.g., using wi...
@dfeidao/server (>=4.5.201902251314 <=4.6.201910181238), @fabrix/spool-pdf (>=1.5.0 <=1.5.0-alpha.1) +23 more potentially affected by CVE-2020-7763 via phantom-html-to-pdf (>=0.1.2 <=0.6.0)
phantom-html-to-pdf NPM version =0.1.2, =4.5.201902251314, =1.5.0, =5.0.201901071713, =5.0.201812141540, =1.0.1-server20190117165116, =1.0.201901260938, =2.0.0, =1.0.202005312012, =1.0.3, =0.1.0, =0.4.0, =1.0.1, =1.0.3 - jsreport-fop-xsl-pdf =1.0.4 and more Source cves: CVE-2020-7763 Source...
Server-Side Request Forgery (SSRF)
Overview node-pdf-generator is a Web server to generate PDF's from HTML Affected versions of this package are vulnerable to Server-Side Request Forgery SSRF. Due to lack of user input validation and sanitization done to the content given to node-pdf-generator, it is possible for an attacker to...
Path Traversal in marcbachmann/node-html-pdf
Overview html-pdf is a Html to pdf converter in Node.js, this package is vulnerable to Arbitrary File Read. The package fails to sanitize the HTML input, allowing attackers to exfiltrate server files by supplying malicious HTML code. XHR requests in the HTML code are executed by the server. Input...
CVE-2020-8853
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2020-8853
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Foxit PhantomPDF Out-of-Bounds Write Remote Code Execution Vulnerability (CNVD-2020-10626)
PhantomPDF is a Chinese Foxit Foxit company for enterprise-level users of PDF document processing software. An out-of-bounds write remote code execution vulnerability exists in Foxit PhantomPDF 9.7.0.29455 and earlier versions when converting HTML files to PDF. The vulnerability stems from a lack...
CVE-2020-8853
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Foxit PhantomPDF < 9.7.1 Multiple Vulnerabilities
According to its version, the Foxit PhantomPDF application formally known as Phantom installed on the remote Windows host is prior to 9.7.1. It is, therefore, affected by multiple vulnerabilities: - A use-after-free error exists related to handling watermarks, AcroForm objects, text fields, or...
Foxit Reader < 9.7.1 Multiple Vulnerabilities
According to its version, the Foxit Reader application formally known as Phantom installed on the remote Windows host is prior to 9.7.1. It is, therefore, affected by multiple vulnerabilities: - A use-after-free error exists related to handling watermarks, AcroForm objects, text fields, or...