5 matches found
Improper Encoding or Escaping of Output
Overview jspdf is a PDF Document creation from JavaScript Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the addJS method. An attacker can inject arbitrary PDF objects and execute malicious actions or alter the document structure by supplying...
Improper Encoding or Escaping of Output
Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the addJS method. An attacker can inject arbitrary PDF objects and execute malicious actions or alter the document structure by supplying specially crafted input that escapes the JavaScript...
CVE-2026-25755 jsPDF has PDF Object Injection via Unsanitized Input in addJS Method
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the argument of the addJS method allows an attacker to inject arbitrary PDF objects into the generated document. By crafting a payload that escapes the JavaScript string delimiter, an attacker can execute malicious...
CVE-2026-25755
jsPDF before version 4.2.0 is vulnerable in the addJS method: user-controlled argument can inject arbitrary PDF objects by escaping the JavaScript string delimiter, potentially executing actions or altering the document when opened. The issue is fixed in [email protected] (and newer 4.2.1 per IBM bulle...
jsPDF 竞争条件问题漏洞
jsPDF is a JavaScript-based PDF document generation library developed by Parallax. Versions of jsPDF prior to 4.1.0 contained a race condition vulnerability. This vulnerability stemmed from the use of shared module scope variables in the addJS method, which could lead to cross-user data leaks...