
10 matches found

Veracode
added 2026/02/16 10:39 a.m., 4 views

XML Injection

jsPDF is vulnerable to XML Injection. The vulnerability is due to improper input sanitization in the addMetadata function, which allows an attacker to inject arbitrary XMP metadata into generated PDFs and compromise their integrity when the input is unsanitized...

CVSS 6.9, AI score 5.8, EPSS 0.00016
Exploits: 1, References: 4, Affected Software: 1

NVD
added 2026/02/02 11:16 p.m., 3 views

CVE-2026-24043

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addMetadata function allows users to inject arbitrary XML. If given the possibility to pass unsanitized input to the addMetadata method, a user can inject arbitrary XMP metadata into the...

CVSS 6.9, EPSS 0.00016
Exploits: 1, References: 3

OSV
added 2026/02/02 8:34 p.m., 1 view

CVE-2026-24043 jsPDF Affected by Stored XMP Metadata Injection (Spoofing & Integrity Violation)

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addMetadata function allows users to inject arbitrary XML. If given the possibility to pass unsanitized input to the addMetadata method, a user can inject arbitrary XMP metadata into the...

CVSS 6.9, AI score 5.5, EPSS 0.00016
Exploits: 1, References: 5

Vulnrichment
added 2026/02/02 8:34 p.m., 1 view

CVE-2026-24043 jsPDF Affected by Stored XMP Metadata Injection (Spoofing & Integrity Violation)

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addMetadata function allows users to inject arbitrary XML. If given the possibility to pass unsanitized input to the addMetadata method, a user can inject arbitrary XMP metadata into the...

CVSS 6.9, AI score 5.5, EPSS 0.00016
Exploits: 1, References: 3

CVE
added 2026/02/02 8:34 p.m., 9 views

CVE-2026-24043

The CVE-2026-24043 issue affects the jsPDF library prior to version 4.1.0, where input passed to addMetadata can inject arbitrary XML/XMP metadata into the generated PDF. This XML injection can compromise PDF integrity if the document is later signed, stored, or processed, as noted across multipl...

CVSS 6.9, AI score 5.5, EPSS 0.00016
Exploits: 1, References: 3, Affected Software: 1

Cvelist
added 2026/02/02 8:34 p.m., 24 views

CVE-2026-24043 jsPDF Affected by Stored XMP Metadata Injection (Spoofing & Integrity Violation)

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addMetadata function allows users to inject arbitrary XML. If given the possibility to pass unsanitized input to the addMetadata method, a user can inject arbitrary XMP metadata into the...

CVSS 6.9, EPSS 0.00016
Exploits: 1, References: 3

Snyk
added 2026/02/02 6:28 p.m., 2 views

XML Injection

Overview: Affected versions of this package are vulnerable to XML Injection via the addMetadata function. An attacker can compromise the integrity of generated PDF files by injecting arbitrary XML into the XMP metadata, potentially spoofing document authorship or other metadata fields. Workaround...

CVSS 6.9, AI score 6.1, EPSS 0.00016
Exploits: 1, References: 2

GitHub Security Blog
added 2026/02/02 6:28 p.m., 4 views

jsPDF Vulnerable to Stored XMP Metadata Injection (Spoofing & Integrity Violation)

Impact: User control of the first argument of the addMetadata function allows users to inject arbitrary XML. If given the possibility to pass unsanitized input to the addMetadata method, a user can inject arbitrary XMP metadata into the generated PDF. If the generated PDF is signed, stored or...

CVSS 6.9, AI score 5.5, EPSS 0.00016
Exploits: 1, References: 5, Affected Software: 1

CNNVD
added 2026/02/02 12:00 a.m., 3 views

jsPDF Injection Vulnerability

jsPDF is a JavaScript-based PDF document generation library developed by Parallax. Versions of jsPDF prior to 4.1.0 had an injection vulnerability. This vulnerability stemmed from the first parameter of the addMetadata function, allowing users to inject arbitrary XML, which could potentially...

CVSS 6.9, AI score 5.9, EPSS 0.00016
Exploits: 1, References: 3

Positive Technologies
added 2026/02/02 12:00 a.m., 5 views

PT-2026-5717

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addMetadata function allows users to inject arbitrary XML. If given the possibility to pass unsanitized input to the addMetadata method, a user can inject arbitrary XMP metadata into the...

CVSS 6.9, AI score 5.5, EPSS 0.00016
Exploits: 1, References: 4