36 matches found
GHSA-8MVJ-3J78-4QMW jsPDF Denial of Service (DoS)
Impact: User control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful PNG file that results in high CPU utilization and denial of...
Mermaid security vulnerability
Mermaid is an open source application from mermaid-js that creates diagrams and visualizations using text and code. A security vulnerability exists in Mermaid 11.9.0 and earlier versions, which stems from user-entered architecture diagram icons being passed to the d3 html method, potentially leading to...
Regular Expression Denial of Service (ReDoS)
Overview: org.webjars.bowergithub.parallax:jspdf is a PDF Document creation from JavaScript. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the addImage, html, and addSvgAsImage methods. An attacker can occupy excessive CPU by supplying a malicious...
Regular Expression Denial of Service (ReDoS)
Overview: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the addImage, html, and addSvgAsImage methods. An attacker can occupy excessive CPU by supplying a malicious data-url. PoC: js import jsPDF from "jpsdf" const doc = new jsPDF; const payload =...
Regular Expression Denial of Service (ReDoS)
Overview: org.webjars:jspdf is a WebJar for jspdf. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the addImage, html, and addSvgAsImage methods. An attacker can occupy excessive CPU by supplying a malicious data-url. PoC: js import jsPDF from "jpsd...
GHSA-W532-JXJH-HJHJ jsPDF Bypass Regular Expression Denial of Service (ReDoS)
Impact: User control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitized image URLs to the addImage method, a user can provide a harmful data-url that results in high CPU utilization and denial of service. Othe...
PT-2022-27054 · Unknown · Browsershot
Name of the Vulnerable Software and Affected Versions: Browsershot version 3.57.3. Description: The issue allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the JS content imported from an external source passed to...
GHSA-VH59-V9R5-4MH4 Cross-site scripting in jspdf
Affected versions of this package are vulnerable to Cross-site Scripting (XSS). It's possible to inject JavaScript code via the html method...
Cross-site scripting in jspdf
Affected versions of this package are vulnerable to Cross-site Scripting (XSS). It's possible to inject JavaScript code via the html method...
CVE-2020-7690
All affected versions <2.0.0 of package jspdf are vulnerable to Cross-site Scripting (XSS). It is possible to inject JavaScript code via the html method...
CVE-2020-7690
All affected versions <2.0.0 of package jspdf are vulnerable to Cross-site Scripting (XSS). It is possible to inject JavaScript code via the html method...
Cross site scripting
All affected versions <2.0.0 of package jspdf are vulnerable to Cross-site Scripting (XSS). It is possible to inject JavaScript code via the html method...
CVE-2020-7690
All affected versions <2.0.0 of package jspdf are vulnerable to Cross-site Scripting (XSS). It is possible to inject JavaScript code via the html method...
PT-2020-19713 · Jpdf · Jspdf
Name of the Vulnerable Software and Affected Versions: jspdf versions prior to 2.0.0. Description: The issue allows for Cross-site Scripting (XSS) attacks, where it is possible to inject JavaScript code via the html method. Recommendations: For versions prior to 2.0.0, update to version 2.0.0 or lat...
Cross-site Scripting (XSS)
Overview: jspdf is a PDF Document creation from JavaScript. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). It's possible to inject JavaScript code via the html method. PoC: var doc = new jsPDF; window.html2canvas = html2canvas; let html = a ; doc.htmlhtml, callback:...
VulnCheck KEV: CVE-2010-2099
bbcode/php.bb in e107 0.7.20 and earlier does not perform access control checks for all inputs that could contain the php bbcode tag, which allows remote attackers to execute arbitrary PHP code, as demonstrated using the toEmail method in contact.php, related to invocations of the toHTML method...