org.webjars.npm:dom-to-pdf (=0.3.2), org.webjars.npm:html2pdf.js (>=0.10.1 <=0.10.3) potentially affected by CVE-2026-31898 via org.webjars.npm:jspdf (>=2.5.2 <=3.0.3)

org.webjars.npm:jspdf MAVEN version =2.5.2, =0.10.1, =0.10.3 Source cves: CVE-2026-31898 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15677843...

CVE-2026-22787

html2pdf.js converts any webpage or element into a printable PDF entirely client-side. Prior to 0.14.0, html2pdf.js contains a cross-site scripting XSS vulnerability when given a text source rather than an element. This text is not sufficiently sanitized before being attached to the DOM, allowing...

CVE-2026-22787

html2pdf.js converts any webpage or element into a printable PDF entirely client-side. Prior to 0.14.0, html2pdf.js contains a cross-site scripting XSS vulnerability when given a text source rather than an element. This text is not sufficiently sanitized before being attached to the DOM, allowing...

Cross-site Scripting (XSS)

Overview html2pdf.js is a Client-side HTML-to-PDF rendering using pure JS Affected versions of this package are vulnerable to Cross-site Scripting XSS via the html2pdf function when processing unsanitized text not element sources. An attacker can execute arbitrary scripts in the context of the...

GHSA-W8X4-X68C-M6FC html2pdf.js contains a cross-site scripting vulnerability

Impact html2pdf.js contains a cross-site scripting XSS vulnerability when given a text source rather than an element. This text is not sufficiently sanitized before being attached to the DOM, allowing malicious scripts to be run on the client browser and risking the confidentiality, integrity, an...

@7365admin1/layer-common (>=1.10.7 <=1.11.40), @a-dapt/vision (=0.2.1) +184 more potentially affected by CVE-2026-22787 via html2pdf.js (>=0.10.1 <=0.13.0)

html2pdf.js NPM version =0.10.1, =1.10.7, =1.0.12, =1.0.1, =1.0.12, =0.1.11, =1.4.4, =1.13.2-dev.0, =1.29.0-rc.0, =1.3.1, =0.4.80, =0.3.9, =1.6.234, =2.6.25 and more Source cves: CVE-2026-22787 Source advisory: OSV:GHSA-W8X4-X68C-M6FC...

html2pdf.js contains a cross-site scripting vulnerability

Impact html2pdf.js contains a cross-site scripting XSS vulnerability when given a text source rather than an element. This text is not sufficiently sanitized before being attached to the DOM, allowing malicious scripts to be run on the client browser and risking the confidentiality, integrity, an...

Cross-site Scripting (XSS)

Overview org.webjars.npm:html2pdf.js is a Client-side HTML-to-PDF rendering using pure JS Affected versions of this package are vulnerable to Cross-site Scripting XSS via the html2pdf function when processing unsanitized text not element sources. An attacker can execute arbitrary scripts in the...

@7365admin1/layer-common (>=1.10.7 <=1.11.40), @a-dapt/vision (=0.2.1) +184 more potentially affected by CVE-2026-22787 via html2pdf.js (>=0.10.1 <=0.13.0)

html2pdf.js NPM version =0.10.1, =1.10.7, =1.0.12, =1.0.1, =1.0.12, =0.1.11, =1.4.4, =1.13.2-dev.0, =1.29.0-rc.0, =1.3.1, =0.4.80, =0.3.9, =1.6.234, =2.6.25 and more Source cves: CVE-2026-22787 Source advisory: SNYK:JS-HTML2PDFJS-14943969...

CVE-2026-22787

html2pdf.js converts any webpage or element into a printable PDF entirely client-side. Prior to 0.14.0, html2pdf.js contains a cross-site scripting XSS vulnerability when given a text source rather than an element. This text is not sufficiently sanitized before being attached to the DOM, allowing...

CVE-2026-22787

CVE-2026-22787 affects html2pdf.js. Prior to version 0.14.0, passing a text source (not an element) could trigger an XSS because the text wasn’t sufficiently sanitized before attaching to the DOM. The vulnerability is limited to client-side rendering of HTML-to-PDF via html2pdf.js, with potential...

CVE-2026-22787 html2pdf.js has a cross-site scripting vulnerability

html2pdf.js converts any webpage or element into a printable PDF entirely client-side. Prior to 0.14.0, html2pdf.js contains a cross-site scripting XSS vulnerability when given a text source rather than an element. This text is not sufficiently sanitized before being attached to the DOM, allowing...

CVE-2026-22787 html2pdf.js has a cross-site scripting vulnerability

html2pdf.js converts any webpage or element into a printable PDF entirely client-side. Prior to 0.14.0, html2pdf.js contains a cross-site scripting XSS vulnerability when given a text source rather than an element. This text is not sufficiently sanitized before being attached to the DOM, allowing...

html2pdf.js 跨站脚本漏洞

html2pdf.js is a software that converts html to pdf by the individual developer Erik Koopmans. A cross-site scripting vulnerability exists in versions of html2pdf.js prior to 0.14.0, which stems from a text source that is not sufficiently cleaned up, and could lead to cross-site scripting attacks...

PT-2026-2926

Name of the Vulnerable Software and Affected Versions html2pdf.js versions prior to 0.14.0 Description html2pdf.js converts webpages or elements into printable PDFs client-side. When provided with a text source instead of an element, versions prior to 0.14.0 do not sufficiently sanitize the text...

MAL-2025-2781 Malicious code in react-html2pdf.js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware be6d515bfa8ee2ff472a78fae780650681611a5d7184b12d85b273b398597172 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...