10 matches found
CVE-2026-34071
Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In version 2.7.3, the /api/v1/convert/eml/pdf endpoint with parameter downloadHtml=true returns unsanitized HTML from the email body with Content-Type: text/html. An attacker who sends a...
CVE-2026-34071 Stirling-PDF has Stored Cross Site Scripting (XSS) via EML-to-HTML Export
Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In version 2.7.3, the /api/v1/convert/eml/pdf endpoint with parameter downloadHtml=true returns unsanitized HTML from the email body with Content-Type: text/html. An attacker who sends a...
EUVD-2026-16271
Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In version 2.7.3, the /api/v1/convert/eml/pdf endpoint with parameter downloadHtml=true returns unsanitized HTML from the email body with Content-Type: text/html. An attacker who sends a...
CVE-2026-34071
CVE-2026-34071 affects Stirling-PDF. In version 2.7.3, the /api/v1/convert/eml/pdf endpoint with downloadHtml=true returns unsanitized HTML from the email body (Content-Type: text/html). An attacker sending a malicious email to a Stirling-PDF user can achieve JavaScript execution when the user ex...
CVE-2026-2683 Tsinghua Unigroup Electronic Archives System downLoad.html path traversal
A vulnerability was found in Tsinghua Unigroup Electronic Archives System 3.2.21080262532. The affected element is an unknown function of the file /Using/Subject/downLoad.html. Performing a manipulation of the argument path results in path traversal. The attack may be initiated remotely. The...
CVE-2026-2683 Tsinghua Unigroup Electronic Archives System downLoad.html path traversal
A vulnerability was found in Tsinghua Unigroup Electronic Archives System 3.2.21080262532. The affected element is an unknown function of the file /Using/Subject/downLoad.html. Performing a manipulation of the argument path results in path traversal. The attack may be initiated remotely. The...
PT-2026-20556
Name of the Vulnerable Software and Affected Versions: Tsinghua Unigroup Electronic Archives System version 3.2.21080262532. Description: A path traversal issue exists in Tsinghua Unigroup Electronic Archives System version 3.2.21080262532. The issue is located in an unknown function within the...
CVE-2025-5986
A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is disabled. This behavior can be abused to fill the disk with garbage data e.g. using /dev/urandom on Linux or to...
WordPress Download HTML TinyMCE Button plugin <= 1.2 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin Download HTML TinyMCE Button versions <= 1.2...
Tsinghua Unigroup Archives Management System access control error vulnerability
Tsinghua Unigroup Archives Management System is an electronic archives management system software from Tsinghua Unigroup China. An access control error vulnerability exists in Tsinghua Unigroup Archives Management System version 3.2.21080262532, which originates from the parameter path in the fil...