
36 matches found

RedhatCVE
added 2025/05/23 8:43 a.m. · 3 views

CVE-2024-33007

PDFViewer is a control delivered as part of SAPUI5 product which shows the PDF content in an embedded mode by default. If a PDF document contains embedded JavaScript or any harmful client-side script, the PDFViewer will execute the JavaScript embedded in the PDF which can cause a potential securi...

CVSS 3.5 · AI score 7.1 · EPSS 0.00341
Exploits: 0 · References: 1
RedhatCVE
added 2025/02/05 12:22 p.m. · 13 views

CVE-2024-52299

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Any user with view right on XWiki.PDFViewerService can access any attachment stored in the wiki as the "key" that is passed to prevent this is computed incorrectly, calling skip on the digest stream doesn't update the digest...

CVSS 7.5 · AI score 6.4 · EPSS 0.00516
Exploits: 0 · References: 1
RedhatCVE
added 2025/02/05 9:34 a.m. · 7 views

CVE-2024-30263

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Users with edit rights can access restricted PDF attachments using the PDF Viewer macro, just by passing the attachment URL as the value of the file parameter. Users with view rights can access restricted PDF attachments if the...

CVSS 7.7 · AI score 6.8 · EPSS 0.00548
Exploits: 0 · References: 1
Vulnrichment
added 2024/11/13 3:42 p.m. · 13 views

CVE-2024-52298 macro-pdfviewer's preview in WYSIWYG editor allows accessing any PDF document as the last author

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The PDF Viewer macro allows an attacker to view any attachment using the "Delegate my view right" feature as long as the attacker can view a page whose last author has access to the attachment. For this, the attacker only needs...

CVSS 7.5 · AI score 7.4 · EPSS 0.0066
Exploits: 1 · References: 1
Cvelist
added 2024/11/13 3:24 p.m. · 13 views

CVE-2024-52300 macro-pdfviewer has a XSS through the width parameter

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The width parameter of the PDF viewer macro isn't properly escaped, allowing XSS for any user who can edit a page. XSS can impact the confidentiality, integrity and availability of the whole XWiki installation when an admin...

CVSS 9 · EPSS 0.00418
Exploits: 0 · References: 1
Positive Technologies
added 2024/11/13 12:0 a.m. · 4 views

PT-2024-8489 · Mozilla · Pdf.Js

Name of the Vulnerable Software and Affected Versions: macro-pdfviewer versions prior to 2.5.6
Description: The macro-pdfviewer, a PDF Viewer Macro for XWiki using Mozilla pdf.js, has a vulnerability that allows an attacker to view any attachment using the "Delegate my view right" feature. This c...

CVSS 7.8 · AI score 7.1 · EPSS 0.0066
Exploits: 1 · References: 9
Positive Technologies
added 2024/11/13 12:0 a.m. · 4 views

PT-2024-8494 · Mozilla · Pdf.Js

Name of the Vulnerable Software and Affected Versions: macro-pdfviewer versions prior to 2.5.6
Description: The issue is related to the macro-pdfviewer PDF viewer macro for XWiki, which uses Mozilla pdf.js. The width parameter of the PDF viewer macro is not properly escaped, allowing for cross-si...

CVSS 9 · AI score 6.3 · EPSS 0.00418
Exploits: 0 · References: 9
CNVD
added 2024/06/14 12:0 a.m. · 7 views

Unspecified Vulnerability in SAP PDFViewer (CNVD-2024-27892)

SAP PDFViewer is a PDF viewer from the United States company SAP. A security vulnerability exists in SAP PDFViewer that stems from the fact that if a PDF document contains embedded JavaScript, PDFViewer will execute the embedded JavaScript in the PDF, which could lead to a potential security threat. No...

CVSS 3.5 · AI score 6.9 · EPSS 0.00341
Exploits: 0 · References: 1
NVD
added 2024/05/14 4:17 p.m. · 14 views

CVE-2024-33007

PDFViewer is a control delivered as part of SAPUI5 product which shows the PDF content in an embedded mode by default. If a PDF document contains embedded JavaScript or any harmful client-side script, the PDFViewer will execute the JavaScript embedded in the PDF which can cause a potential securi...

CVSS 3.5 · AI score 4.2 · EPSS 0.00341
Exploits: 0 · References: 2
CVE
added 2024/05/14 3:44 a.m. · 41 views

CVE-2024-33007

CVE-2024-33007 affects SAPUI5 PDFViewer, a control that renders PDF content embedded by default. The underlying issue is execution of embedded JavaScript in PDFs by PDFViewer, which can trigger security threats. Affected component/file: PDFViewer within SAPUI5; root cause is server/client-side sc...

CVSS 3.5 · AI score 7 · EPSS 0.00341
Exploits: 0 · References: 2
Cvelist
added 2024/05/14 3:44 a.m. · 11 views

CVE-2024-33007 Client-side script execution vulnerability in SAP UI5(PDFViewer)

PDFViewer is a control delivered as part of SAPUI5 product which shows the PDF content in an embedded mode by default. If a PDF document contains embedded JavaScript or any harmful client-side script, the PDFViewer will execute the JavaScript embedded in the PDF which can cause a potential securi...

CVSS 3.5 · AI score 4.6 · EPSS 0.00341
Exploits: 0 · References: 2
Vulnrichment
added 2024/05/14 3:44 a.m. · 12 views

CVE-2024-33007 Client-side script execution vulnerability in SAP UI5(PDFViewer)

PDFViewer is a control delivered as part of SAPUI5 product which shows the PDF content in an embedded mode by default. If a PDF document contains embedded JavaScript or any harmful client-side script, the PDFViewer will execute the JavaScript embedded in the PDF which can cause a potential securi...

CVSS 3.5 · AI score 7.1 · EPSS 0.00341
Exploits: 0 · References: 2
CVE
added 2024/04/04 4:51 p.m. · 61 views

CVE-2024-30263

The CVE-2024-30263 issue affects macro-pdfviewer, a PDF Viewer Macro for XWiki that uses Mozilla pdf.js. The vulnerability allows users with editing rights to access restricted PDF attachments by supplying the attachment URL as the value of the file parameter, and users with view rights can acces...

CVSS 7.7 · AI score 7.6 · EPSS 0.00548
Exploits: 0 · References: 2
Positive Technologies
added 2024/04/04 12:0 a.m. · 5 views

PT-2024-23306 · Mozilla · Pdf.Js

Name of the Vulnerable Software and Affected Versions: macro-pdfviewer versions prior to 2.5.1
Description: The macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Users with edit rights can access restricted PDF attachments using the PDF Viewer macro by passing the attachment U...

CVSS 7.7 · AI score 7.1 · EPSS 0.00548
Exploits: 0 · References: 5
CVE
added 2023/11/30 5:53 p.m. · 39 views

CVE-2023-6354

Tyler Technologies Magistrate Court Case Management Plus is affected by CVE-2023-6354. An unauthenticated remote attacker can upload, delete, and view files by manipulating the PDFViewer.aspx?filename parameter, indicating inadequate input handling/authorization on that endpoint. The root cause c...

CVSS 9.4 · AI score 7.2 · EPSS 0.00991
Exploits: 0 · References: 4 · Affected Software: 1
Openbugbounty
added 2016/06/06 6:55 a.m. · 8 views

peacefmonline.com XSS vulnerability

Vulnerable URL: http://www.peacefmonline.com/tools/pdfviewer/jmp/?file="

Details:

Description| Value
---|---
Patched:| Yes, at 27.07.2017
Latest check for patch:| 27.07.2017 09:38 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 18752
VIP website status:| Yes
Che...

AI score 6.3
Exploits: 0