8 matches found
CVE-2026-25755
A flaw was found in jsPDF. The addJS method accepts user input without proper sanitization, allowing an attacker to inject arbitrary PDF objects into the document. A specially crafted payload that escapes the JavaScript string delimiter can execute malicious actions or alter the document structur...
jsPDF has a PDF Object Injection via Unsanitized Input in addJS Method
Impact User control of the argument of the addJS method allows an attacker to inject arbitrary PDF objects into the generated document. By crafting a payload that escapes the JavaScript string delimiter, an attacker can execute malicious actions or alter the document structure, impacting any user...
GHSA-9VJF-QC39-JPRP jsPDF has a PDF Object Injection via Unsanitized Input in addJS Method
Impact User control of the argument of the addJS method allows an attacker to inject arbitrary PDF objects into the generated document. By crafting a payload that escapes the JavaScript string delimiter, an attacker can execute malicious actions or alter the document structure, impacting any user...
CVE-2026-25755
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the argument of the addJS method allows an attacker to inject arbitrary PDF objects into the generated document. By crafting a payload that escapes the JavaScript string delimiter, an attacker can execute malicious...
CVE-2026-25755 jsPDF has PDF Object Injection via Unsanitized Input in addJS Method
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the argument of the addJS method allows an attacker to inject arbitrary PDF objects into the generated document. By crafting a payload that escapes the JavaScript string delimiter, an attacker can execute malicious...
CVE-2026-25755 jsPDF has PDF Object Injection via Unsanitized Input in addJS Method
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the argument of the addJS method allows an attacker to inject arbitrary PDF objects into the generated document. By crafting a payload that escapes the JavaScript string delimiter, an attacker can execute malicious...
CVE-2026-25755
jsPDF prior to 4.2.0 is vulnerable to PDF Object Injection via the addJS method when user-controlled input is passed. An attacker could inject arbitrary PDF objects by crafting a payload that escapes the JavaScript string delimiter, potentially affecting document structure or actions when opened ...
PT-2026-20850
Name of the Vulnerable Software and Affected Versions jsPDF versions prior to 4.2.0 Description jsPDF is a JavaScript library used to generate PDF documents. A flaw exists where user-controlled input to the addJS method allows an attacker to inject arbitrary PDF objects into generated documents. ...