277 matches found

NVD
added 2024/04/04 5:15 p.m., 12 views

CVE-2024-30263

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Users with edit rights can access restricted PDF attachments using the PDF Viewer macro, just by passing the attachment URL as the value of the file parameter. Users with view rights can access restricted PDF attachments if the...

CVSS 7.7, AI score 7.6, EPSS 0.00548
Exploits: 0, References: 2
CVE
added 2024/04/04 4:51 p.m., 58 views

CVE-2024-30263

The CVE-2024-30263 issue affects macro-pdfviewer, a PDF Viewer Macro for XWiki that uses Mozilla pdf.js. The vulnerability allows users with editing rights to access restricted PDF attachments by supplying the attachment URL as the value of the file parameter, and users with view rights can acces...

CVSS 7.7, AI score 7.6, EPSS 0.00548
Exploits: 0, References: 2
Vulnrichment
added 2024/04/04 4:51 p.m., 10 views

CVE-2024-30263 The PDF Viewer macro can be used to view PDF attachments with restricted access

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Users with edit rights can access restricted PDF attachments using the PDF Viewer macro, just by passing the attachment URL as the value of the file parameter. Users with view rights can access restricted PDF attachments if the...

CVSS 7.7, AI score 7.6, EPSS 0.00548
Exploits: 0, References: 2
Cvelist
added 2024/04/04 4:51 p.m., 19 views

CVE-2024-30263 The PDF Viewer macro can be used to view PDF attachments with restricted access

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Users with edit rights can access restricted PDF attachments using the PDF Viewer macro, just by passing the attachment URL as the value of the file parameter. Users with view rights can access restricted PDF attachments if the...

CVSS 7.7, AI score 7.8, EPSS 0.00548
Exploits: 0, References: 2
SUSE CVE
added 2023/02/15 5:21 a.m., 3 views

SUSE CVE-2015-1302

The PDF viewer in Google Chrome before 46.0.2490.86 does not properly restrict scripting messages and API exposure, which allows remote attackers to bypass the Same Origin Policy via an unintended embedder or unintended plugin loading, related to pdf.js and outofprocessinstance.cc...

CVSS 7.5, AI score 8.8, EPSS 0.01864
Exploits: 0, References: 3
SUSE CVE
added 2023/02/15 5:20 a.m., 4 views

SUSE CVE-2015-2743

PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allow remote attackers to execute arbitrary code by leveraging a Same Origin Policy bypass...

CVSS 7.5, AI score 9.2, EPSS 0.0493
Exploits: 0, References: 11
OSV
added 2023/02/06 8:15 p.m., 1 view

CVE-2022-4670

The PDF.js Viewer WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVSS 5.4, AI score 5.8, EPSS 0.00562
Exploits: 2, References: 1
Prion
added 2023/02/06 8:15 p.m., 16 views

Cross site scripting

The PDF.js Viewer WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVSS 4.9, AI score 5.4, EPSS 0.00562
Exploits: 2, References: 1, Affected Software: 1
Vulnrichment
added 2023/02/06 7:59 p.m., 11 views

CVE-2022-4670 PDF.js Viewer < 2.1.8 - Contributor+ Stored XSS via Shortcode

The PDF.js Viewer WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

AI score 6, EPSS 0.00562
Exploits: 2, References: 1
Cvelist
added 2023/02/06 7:59 p.m., 53 views

CVE-2022-4670 PDF.js Viewer < 2.1.8 - Contributor+ Stored XSS via Shortcode

The PDF.js Viewer WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

AI score 5.5, EPSS 0.00562
Exploits: 2, References: 1
CVE
added 2023/02/06 7:59 p.m., 66 views

CVE-2022-4670

The CVE-2022-4670 entry affects the WordPress plugin PDF.js Viewer prior to 2.1.8. The vulnerability stems from not validating and escaping certain shortcode attributes, allowing stored cross-site scripting (Stored XSS) for users with the Contributor role and above when the shortcode is embedded ...

CVSS 5.4, AI score 5.3, EPSS 0.00562
Exploits: 2, References: 1, Affected Software: 1
CNNVD
added 2023/02/06 12:00 a.m., 13 views

WordPress plugin PDF.js Viewer cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up a personal blog site on a PHP and MySQL server. WordPress plugin is an application plug-in. A cross-site scripting vulnerability...

CVSS 5.4, AI score 5.4, EPSS 0.00562
Exploits: 2, References: 2
Patchstack
added 2023/01/10 12:00 a.m., 14 views

WordPress PDF.js Viewer Plugin < 2.1.8 is vulnerable to Cross Site Scripting (XSS)

Software: PDF.js Viewer; Type: Plugin; Vulnerable versions: 2.1.8; Fixed in: 2.1.8; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-4670; Patch priority: Medium; CVSS severity: Medium (6.3); Developer: Claim ownership; PSID: 33028ec86f1d; Credits: Lana Codes; Required...

CVSS 5.4, AI score 5.9, EPSS 0.00562
Exploits: 2, References: 4, Affected Software: 1
wpexploit
added 2023/01/10 12:00 a.m., 175 views

PDF.js Viewer < 2.1.8 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. pdfjs-viewer viewerheight='"...

CVSS 5.4, AI score 2.8, EPSS 0.00562
Exploits: 2
WPVulnDB
added 2023/01/10 12:00 a.m., 48 views

PDF.js Viewer < 2.1.8 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC pdfjs-viewer viewerheight='"...

CVSS 5.4, AI score 3.6, EPSS 0.00562
Exploits: 2, Affected Software: 1
Tenable Nessus
added 2022/08/16 12:00 a.m., 33 views

Ubuntu 20.04 LTS / 22.04 LTS : GNOME Web vulnerabilities (USN-5561-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5561-1 advisory. It was discovered that GNOME Web incorrectly filtered certain strings. A remote attacker could use this issue to perform cross-site scripting...

CVSS 7.5, AI score 6.5, EPSS 0.01896
Exploits: 3, References: 5
OSV
added 2022/05/14 1:22 a.m., 5 views

GHSA-7JG2-JGV3-FMR4 Malicious PDF can inject JavaScript into PDF Viewer

The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR 52.8, Firefox 60 and...

CVSS 8.8, AI score 8.3, EPSS 0.10576
Exploits: 0, References: 15
Github Security Blog
added 2022/05/14 1:22 a.m., 35 views

Malicious PDF can inject JavaScript into PDF Viewer

The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR 52.8, Firefox 60 and...

CVSS 8.8, AI score 6.3, EPSS 0.10576
Exploits: 0, References: 15, Affected Software: 1
Mageia
added 2022/02/09 8:46 p.m., 27 views

Updated epiphany packages fix security vulnerability

XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list (CVE-2021-45085). XSS can occur in GNOME Web (aka Epiphany) before 40.4 a...

CVSS 6.1, AI score 6.4, EPSS 0.01485
Exploits: 4, References: 2
OpenVAS
added 2022/01/28 12:00 a.m., 17 views

Mageia: Security Advisory (MGASA-2015-0131)

The remote host is missing an update for the...

CVSS 7.5, AI score 9.2, EPSS 0.67135
Exploits: 3, References: 10