36 matches found
CVE-2024-33007
PDFViewer is a control delivered as part of SAPUI5 product which shows the PDF content in an embedded mode by default. If a PDF document contains embedded JavaScript or any harmful client-side script, the PDFViewer will execute the JavaScript embedded in the PDF which can cause a potential securi...
CVE-2024-52299
macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Any user with view right on XWiki.PDFViewerService can access any attachment stored in the wiki, as the "key" that is passed to prevent this is computed incorrectly: calling skip on the digest stream doesn't update the digest...
CVE-2024-30263
macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Users with edit rights can access restricted PDF attachments using the PDF Viewer macro, just by passing the attachment URL as the value of the file parameter. Users with view rights can access restricted PDF attachments if the...
CVE-2024-52298 macro-pdfviewer's preview in WYSIWYG editor allows accessing any PDF document as the last author
macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The PDF Viewer macro allows an attacker to view any attachment using the "Delegate my view right" feature as long as the attacker can view a page whose last author has access to the attachment. For this, the attacker only needs...
CVE-2024-52300 macro-pdfviewer has a XSS through the width parameter
macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The width parameter of the PDF viewer macro isn't properly escaped, allowing XSS for any user who can edit a page. XSS can impact the confidentiality, integrity and availability of the whole XWiki installation when an admin...
PT-2024-8489 · Mozilla · Pdf.Js
Name of the Vulnerable Software and Affected Versions: macro-pdfviewer versions prior to 2.5.6
Description: The macro-pdfviewer, a PDF Viewer Macro for XWiki using Mozilla pdf.js, has a vulnerability that allows an attacker to view any attachment using the "Delegate my view right" feature. This c...
PT-2024-8494 · Mozilla · Pdf.Js
Name of the Vulnerable Software and Affected Versions: macro-pdfviewer versions prior to 2.5.6
Description: The issue is related to the macro-pdfviewer PDF viewer macro for XWiki, which uses Mozilla pdf.js. The width parameter of the PDF viewer macro is not properly escaped, allowing for cross-si...
Unspecified Vulnerability in SAP PDFViewer (CNVD-2024-27892)
SAP PDFViewer is a PDF viewer from SAP, a United States company. A security vulnerability exists in SAP PDFViewer that stems from the fact that if a PDF document contains embedded JavaScript, PDFViewer will execute the embedded JavaScript in the PDF, which could lead to a potential security threat. No...
CVE-2024-33007
CVE-2024-33007 affects SAPUI5 PDFViewer, a control that renders PDF content embedded by default. The underlying issue is execution of embedded JavaScript in PDFs by PDFViewer, which can trigger security threats. Affected component/file: PDFViewer within SAPUI5; root cause is server/client-side sc...
CVE-2024-33007 Client-side script execution vulnerability in SAP UI5(PDFViewer)
PDFViewer is a control delivered as part of SAPUI5 product which shows the PDF content in an embedded mode by default. If a PDF document contains embedded JavaScript or any harmful client-side script, the PDFViewer will execute the JavaScript embedded in the PDF which can cause a potential securi...
CVE-2024-30263
The CVE-2024-30263 issue affects macro-pdfviewer, a PDF Viewer Macro for XWiki that uses Mozilla pdf.js. The vulnerability allows users with editing rights to access restricted PDF attachments by supplying the attachment URL as the value of the file parameter, and users with view rights can acces...
PT-2024-23306 · Mozilla · Pdf.Js
Name of the Vulnerable Software and Affected Versions: macro-pdfviewer versions prior to 2.5.1
Description: The macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Users with edit rights can access restricted PDF attachments using the PDF Viewer macro by passing the attachment U...
CVE-2023-6354
Tyler Technologies Magistrate Court Case Management Plus is affected by CVE-2023-6354. An unauthenticated remote attacker can upload, delete, and view files by manipulating the PDFViewer.aspx?filename parameter, indicating inadequate input handling/authorization on that endpoint. The root cause c...
peacefmonline.com XSS vulnerability
Vulnerable URL: http://www.peacefmonline.com/tools/pdfviewer/jmp/?file="
Details:
Description| Value
---|---
Patched:| Yes, at 27.07.2017
Latest check for patch:| 27.07.2017 09:38 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 18752
VIP website status:| Yes
Che...