83 matches found
CVE-2025-46568 Stirling-PDF Server-Side Request Forgery (SSRF)-Induced Arbitrary File Read Vulnerability
Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Prior to version 0.45.0, Stirling-PDF is vulnerable to SSRF-induced arbitrary file read. WeasyPrint redefines a set of HTML tags, including img, embed, object, and others. The references t...
PT-2025-18685
Name of the Vulnerable Software and Affected Versions Stirling-PDF versions prior to 0.45.0 Description Stirling-PDF is a locally hosted web application that allows users to perform various operations on PDF files. The application is vulnerable to SSRF-induced arbitrary file read due to WeasyPrin...
Stirling-PDF 安全漏洞
Stirling-PDF is a powerful, locally hosted, web-based PDF manipulation tool using Docker, open-sourced by Stirling Tools. A security vulnerability exists in Stirling-PDF versions prior to 0.45.0, which stems from a flaw in WeasyPrint's handling of HTML tags that could lead to server-side request...
CVE-2024-55082
A Server-Side Request Forgery SSRF in the endpoint http://your-server/url-to-pdf of Stirling-PDF 0.35.1 allows attackers to access sensitive information via a crafted request...
Stirling-PDF 安全漏洞
Stirling-PDF is a powerful, locally hosted, web-based PDF manipulation tool using Docker, open-sourced by Stirling Tools. A security vulnerability exists in Stirling-PDF version 0.35.1, which stems from vulnerability to a server-side request forgery attack that allows an attacker to access...
CVE-2024-55082
A Server-Side Request Forgery SSRF in the endpoint http://your-server/url-to-pdf of Stirling-PDF 0.35.1 allows attackers to access sensitive information via a crafted request...
PT-2024-36472 · Unknown · Stirling-Pdf
Name of the Vulnerable Software and Affected Versions: Stirling-PDF version 0.35.1 Description: A Server-Side Request Forgery SSRF issue in the endpoint "http://your-server/url-to-pdf" of Stirling-PDF allows attackers to access sensitive information via a crafted request. This enables attackers t...
CVE-2024-55082
CVE-2024-55082 describes a Server-Side Request Forgery (SSRF) in Stirling-PDF 0.35.1. The vulnerable component is the endpoint http://{your-server}/url-to-pdf, where crafted requests can trigger unauthorized access to sensitive data. Across connected sources, the affected product/stage is consist...
CVE-2024-55082
A Server-Side Request Forgery SSRF in the endpoint http://your-server/url-to-pdf of Stirling-PDF 0.35.1 allows attackers to access sensitive information via a crafted request...
CVE-2024-52286
Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In affected versions the Merge functionality takes untrusted user input file name and uses it directly in the creation of HTML pages allowing any unauthenticated to execute JavaScript code...
CVE-2024-52286 Self Cross Site Scripting (XSS) In Merge Functionality in Stirling-PDF
Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In affected versions the Merge functionality takes untrusted user input file name and uses it directly in the creation of HTML pages allowing any unauthenticated to execute JavaScript code...
CVE-2024-52286 Self Cross Site Scripting (XSS) In Merge Functionality in Stirling-PDF
Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In affected versions the Merge functionality takes untrusted user input file name and uses it directly in the creation of HTML pages allowing any unauthenticated to execute JavaScript code...
CVE-2024-52286
CVE-2024-52286 affects Stirling-PDF prior to 0.32.0. The Merge function uses untrusted file names directly in innerHTML (code starts at Line 24 in merge.js), enabling a self‑injection XSS where a user uploading a file with a crafted name can execute JavaScript in their own browser context. The vu...
CVE-2024-52286 Self Cross Site Scripting (XSS) In Merge Functionality in Stirling-PDF
Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In affected versions the Merge functionality takes untrusted user input file name and uses it directly in the creation of HTML pages allowing any unauthenticated to execute JavaScript code...
Stirling-PDF 安全漏洞
Stirling-PDF is a powerful, locally hosted, web-based PDF manipulation tool using Docker, open-sourced by Stirling Tools. A security vulnerability exists in Stirling-PDF versions prior to 0.32.0 that stems from a merge function that accepts untrusted user input and uses it directly to create HTML...
PT-2024-35152 · Unknown · Stirling-Pdf
Name of the Vulnerable Software and Affected Versions: Stirling-PDF versions prior to 0.32.0 Description: The issue in Stirling-PDF allows any unauthenticated user to execute JavaScript code in the context of the user due to the Merge functionality taking untrusted user input file name and using ...
CVE-2024-9075
A vulnerability was found in Stirling-Tools Stirling-PDF up to 0.28.3. It has been declared as problematic. This vulnerability affects unknown code of the component Markdown-to-PDF. The manipulation leads to cross site scripting. The attack can be initiated remotely. The complexity of an attack i...
CVE-2024-9075 Stirling-Tools Stirling-PDF Markdown-to-PDF cross site scripting
A vulnerability was found in Stirling-Tools Stirling-PDF up to 0.28.3. It has been declared as problematic. This vulnerability affects unknown code of the component Markdown-to-PDF. The manipulation leads to cross site scripting. The attack can be initiated remotely. The complexity of an attack i...
CVE-2024-9075 Stirling-Tools Stirling-PDF Markdown-to-PDF cross site scripting
A vulnerability was found in Stirling-Tools Stirling-PDF up to 0.28.3. It has been declared as problematic. This vulnerability affects unknown code of the component Markdown-to-PDF. The manipulation leads to cross site scripting. The attack can be initiated remotely. The complexity of an attack i...
CVE-2024-9075
The CVE-2024-9075 entry concerns Stirling-Tools Stirling-PDF (versions up to 0.28.3) with a cross-site scripting flaw in the Markdown-to-PDF component. The issue enables remote exploitation and is described as having rather high attack complexity and requiring user interaction. Remediation provid...