org.webjars.npm:adal-node (=0.1.28), org.webjars.npm:canvg (>=1.5.2 <=1.5.3) +14 more potentially affected by CVE-2026-41675 via org.webjars.npm:xmldom (>=0.1.31 <=0.6.0)

org.webjars.npm:xmldom MAVEN version =0.1.31, =1.5.2, =0.7.2, =0.14.0, =0.11.0, =7.14.0, =2.7.0, =2.9.2 and more Source cves: CVE-2026-41675 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16134553...

@loopspeed/epubjs-rn (>=0.2.38 <=0.2.77), @muriloneo/epubjs-rn (=0.2.37) +8 more potentially affected by CVE-2021-33040 via epubjs (>=0.2.21 <=0.3.88)

epubjs NPM version =0.2.21, =0.2.38, =0.3.25, =0.2.33, =0.2.5, =0.1.0, =0.0.9, =0.2.37, =0.13.1, =0.13.2 - unext-epub-viewer =1.0.0 Source cves: CVE-2021-33040 Source advisory: OSV:GHSA-C6RP-XVQV-MWMF...

Cross-site Scripting in epubjs

managers/views/iframe.js in FuturePress EPub.js before 0.3.89 allows XSS...

Cross-site Scripting (XSS)

epubjs is vulnerable to cross-site scripting. The library does not properly sanitize the ePub content due to the insecure use of the allowScriptedContent option, which allows sandbox content to run malicious scripts...