88 matches found
Cross-Site Scripting (XSS)
spipu/html2pdf is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists due to a lack of sanitization in forms.php, which allows an attacker to inject and execute arbitrary JavaScript...
Spipu HTML2PDF vulnerable to cross-site scripting
Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 allows a remote attacker to execute arbitrary code via a crafted script to the forms.php...
GHSA-99FG-2H75-M92H Spipu HTML2PDF vulnerable to cross-site scripting
Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 allows a remote attacker to execute arbitrary code via a crafted script to the forms.php...
CVE-2023-39062
Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 allows a remote attacker to execute arbitrary code via a crafted script to the forms.php...
CVE-2023-39062
Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 allows a remote attacker to execute arbitrary code via a crafted script to the forms.php...
Cross site scripting
Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 allows a remote attacker to execute arbitrary code via a crafted script to the forms.php...
CVE-2023-39062
CVE-2023-39062 affects Spipu HTML2PDF prior to v5.2.8. A cross‑site scripting flaw in forms.php allows remote attackers to inject/execute arbitrary JavaScript. Impact is XSS with potential user impact, and mitigation is upgrading to v5.2.8 or later; no exploitable details are provided beyond the ...
CVE-2023-39062
Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 allows a remote attacker to execute arbitrary code via a crafted script to the forms.php...
CVE-2023-39062
Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 allows a remote attacker to execute arbitrary code via a crafted script to the forms.php...
africa.absa:inception-reporting (>=1.0.0 <=1.2.0), africa.absa:inception-reporting-api (>=1.0.0 <=1.2.0) +1452 more potentially affected by CVE-2017-9096 via com.lowagie:itext (>=1.3 <=4.2.2)
com.lowagie:itext MAVEN version =1.3, =1.0.0, =1.0.0, =0.1.0, =2.0.7, =1.0.0, =1.0.7, =5.0.0, =1.0.0, =1.0, =1.0, =1.0, =0.0.1, =0.0.1, =1.1.8, =2.4.0 and more Source cves: CVE-2017-9096 Source advisory: OSV:GHSA-86P9-X5PW-94QX...
GHSA-6M93-343M-3JRC Cross-site Scripting in HTML2PDF
An issue was discovered in Spipu HTML2PDF before 5.2.4. Attackers can trigger deserialization of arbitrary data via the injection of a malicious tag in the converted HTML document...
Cross-site Scripting in HTML2PDF
An issue was discovered in Spipu HTML2PDF before 5.2.4. Attackers can trigger deserialization of arbitrary data via the injection of a malicious tag in the converted HTML document...
CVE-2021-45394
An issue was discovered in Spipu HTML2PDF before 5.2.4. Attackers can trigger deserialization of arbitrary data via the injection of a malicious tag in the converted HTML document...
CVE-2021-45394
An issue was discovered in Spipu HTML2PDF before 5.2.4. Attackers can trigger deserialization of arbitrary data via the injection of a malicious tag in the converted HTML document...
Deserialization of untrusted data
An issue was discovered in Spipu HTML2PDF before 5.2.4. Attackers can trigger deserialization of arbitrary data via the injection of a malicious tag in the converted HTML document...
CVE-2021-45394
CVE-2021-45394 affects Spipu HTML2PDF prior to 5.2.4. Attackers can trigger deserialization of arbitrary data by injecting a malicious tag into the HTML being converted. Impact is described as a deserialization issue; no explicit exploit details provided beyond that. Mitigation: upgrade to versi...
CVE-2021-45394
An issue was discovered in Spipu HTML2PDF before 5.2.4. Attackers can trigger deserialization of arbitrary data via the injection of a malicious tag in the converted HTML document...
Spipu Html2Pdf Code Issue Vulnerability
Spipu Html2Pdf is an open-source HTML-to-PDF converter written in PHP by the French individual developer Laurent Minguet. Spipu HTML2PDF has a code issue vulnerability in versions prior to 5.2.4, where an attacker can trigger deserialization of arbitrary data by injecting malicious link tags into...
@0xgg/echomd (>=1.0.0 <=1.0.4), @budibase/client (>=3.8.2 <=3.24.3) +117 more potentially affected by CVE-2020-7690 via jspdf (>=1.0.272 <=1.5.2)
jspdf NPM version =1.0.272, =1.0.0, =3.8.2, =0.0.3, =1.0.0, =2.6.4, =1.54.0, =0.2.1, =1.1.4, =0.0.0-dev.0ebca38, =1.0.0, =0.0.98, =1.15.0-alpha.1, =1.18.11 and more Source cves: CVE-2020-7690 Source advisory: OSV:GHSA-VH59-V9R5-4MH4...
Foxit PhantomPDF HTML2PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of...