88 matches found

Veracode
added 2023/09/01 5:40 p.m. | 19 views

Cross-Site Scripting (XSS)

spipu/html2pdf is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists due to a lack of sanitization in forms.php, which allows an attacker to inject and execute arbitrary JavaScript...

CVSS 6.1 | AI score 6.5 | EPSS 0.01364
Exploits 1 | References 5 | Affected Software 1

Github Security Blog
added 2023/08/28 6:30 p.m. | 19 views

Spipu HTML2PDF vulnerable to cross-site scripting

Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 allows a remote attacker to execute arbitrary code via a crafted script to the forms.php...

CVSS 6.1 | AI score 7.2 | EPSS 0.01364
Exploits 1 | References 6 | Affected Software 1

OSV
added 2023/08/28 6:30 p.m. | 15 views

GHSA-99FG-2H75-M92H Spipu HTML2PDF vulnerable to cross-site scripting

Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 allows a remote attacker to execute arbitrary code via a crafted script to the forms.php...

CVSS 6.1 | AI score 6.2 | EPSS 0.01364
Exploits 1 | References 6

ATTACKERKB
added 2023/08/28 6:15 p.m. | 27 views

CVE-2023-39062

Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 allows a remote attacker to execute arbitrary code via a crafted script to the forms.php...

CVSS 6.1 | AI score 6.8 | EPSS 0.01364
Exploits 1 | References 4

OSV
added 2023/08/28 6:15 p.m. | 30 views

CVE-2023-39062

Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 allows a remote attacker to execute arbitrary code via a crafted script to the forms.php...

CVSS 6.1 | AI score 7.4 | EPSS 0.01364
Exploits 1 | References 3

Prion
added 2023/08/28 6:15 p.m. | 14 views

Cross site scripting

Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 allows a remote attacker to execute arbitrary code via a crafted script to the forms.php...

CVSS 5.8 | AI score 6.3 | EPSS 0.01364
Exploits 1 | References 3 | Affected Software 1

CVE
added 2023/08/28 12:0 a.m. | 43 views

CVE-2023-39062

CVE-2023-39062 affects Spipu HTML2PDF prior to v5.2.8. A cross‑site scripting flaw in forms.php allows remote attackers to inject/execute arbitrary JavaScript. Impact is XSS with potential user impact, and mitigation is upgrading to v5.2.8 or later; no exploitable details are provided beyond the ...

CVSS 6.1 | AI score 6.3 | EPSS 0.01364
Exploits 1 | References 3 | Affected Software 1

Vulnrichment
added 2023/08/28 12:0 a.m. | 13 views

CVE-2023-39062

Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 allows a remote attacker to execute arbitrary code via a crafted script to the forms.php...

AI score 7.4 | EPSS 0.01364
Exploits 1 | References 3

Cvelist
added 2023/08/28 12:0 a.m. | 42 views

CVE-2023-39062

Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 allows a remote attacker to execute arbitrary code via a crafted script to the forms.php...

AI score 6.5 | EPSS 0.01364
Exploits 1 | References 3

vulnersOsv
added 2022/05/13 1:14 a.m. | 4 views

africa.absa:inception-reporting (>=1.0.0 <=1.2.0), africa.absa:inception-reporting-api (>=1.0.0 <=1.2.0) +1452 more potentially affected by CVE-2017-9096 via com.lowagie:itext (>=1.3 <=4.2.2)

com.lowagie:itext MAVEN version =1.3, =1.0.0, =1.0.0, =0.1.0, =2.0.7, =1.0.0, =1.0.7, =5.0.0, =1.0.0, =1.0, =1.0, =1.0, =0.0.1, =0.0.1, =1.1.8, =2.4.0 and more Source cves: CVE-2017-9096 Source advisory: OSV:GHSA-86P9-X5PW-94QX...

CVSS 8.8 | AI score 7.2 | EPSS 0.09902
Exploits 1

OSV
added 2022/01/21 11:29 p.m. | 51 views

GHSA-6M93-343M-3JRC Cross-site Scripting in HTML2PDF

An issue was discovered in Spipu HTML2PDF before 5.2.4. Attackers can trigger deserialization of arbitrary data via the injection of a malicious tag in the converted HTML document...

CVSS 8.8 | AI score 8.9 | EPSS 0.01581
Exploits 1 | References 7

Github Security Blog
added 2022/01/21 11:29 p.m. | 100 views

Cross-site Scripting in HTML2PDF

An issue was discovered in Spipu HTML2PDF before 5.2.4. Attackers can trigger deserialization of arbitrary data via the injection of a malicious tag in the converted HTML document...

CVSS 8.8 | AI score 2.8 | EPSS 0.01581
Exploits 1 | References 7 | Affected Software 1

NVD
added 2022/01/18 12:15 p.m. | 22 views

CVE-2021-45394

An issue was discovered in Spipu HTML2PDF before 5.2.4. Attackers can trigger deserialization of arbitrary data via the injection of a malicious tag in the converted HTML document...

CVSS 8.8 | EPSS 0.01581
Exploits 1 | References 3

OSV
added 2022/01/18 12:15 p.m. | 16 views

CVE-2021-45394

An issue was discovered in Spipu HTML2PDF before 5.2.4. Attackers can trigger deserialization of arbitrary data via the injection of a malicious tag in the converted HTML document...

CVSS 8.8 | AI score 7.1
Exploits 0 | References 3

Prion
added 2022/01/18 12:15 p.m. | 23 views

Deserialization of untrusted data

An issue was discovered in Spipu HTML2PDF before 5.2.4. Attackers can trigger deserialization of arbitrary data via the injection of a malicious tag in the converted HTML document...

CVSS 6.8 | AI score 8.8 | EPSS 0.01581
Exploits 1 | References 3 | Affected Software 1

CVE
added 2022/01/18 11:15 a.m. | 73 views

CVE-2021-45394

CVE-2021-45394 affects Spipu HTML2PDF prior to 5.2.4. Attackers can trigger deserialization of arbitrary data by injecting a malicious tag into the HTML being converted. Impact is described as a deserialization issue; no explicit exploit details provided beyond that. Mitigation: upgrade to versi...

CVSS 8.8 | AI score 8.8 | EPSS 0.01581
Exploits 1 | References 3 | Affected Software 1

Cvelist
added 2022/01/18 11:15 a.m. | 30 views

CVE-2021-45394

An issue was discovered in Spipu HTML2PDF before 5.2.4. Attackers can trigger deserialization of arbitrary data via the injection of a malicious tag in the converted HTML document...

AI score 9 | EPSS 0.01581
Exploits 1 | References 3

CNNVD
added 2022/01/18 12:0 a.m. | 4 views

Spipu Html2Pdf code issue vulnerability

Spipu Html2Pdf is an open-source HTML-to-PDF converter written in PHP by the French independent developer Laurent Minguet. Spipu HTML2PDF has a code issue vulnerability in versions prior to 5.2.4, where an attacker can trigger deserialization of arbitrary data by injecting malicious link tags into...

CVSS 8.8 | AI score 8.3 | EPSS 0.01581
Exploits 1 | References 4

vulnersOsv
added 2021/05/17 9:1 p.m. | 3 views

@0xgg/echomd (>=1.0.0 <=1.0.4), @budibase/client (>=3.8.2 <=3.24.3) +117 more potentially affected by CVE-2020-7690 via jspdf (>=1.0.272 <=1.5.2)

jspdf NPM version =1.0.272, =1.0.0, =3.8.2, =0.0.3, =1.0.0, =2.6.4, =1.54.0, =0.2.1, =1.1.4, =0.0.0-dev.0ebca38, =1.0.0, =0.0.98, =1.15.0-alpha.1, =1.18.11 and more Source cves: CVE-2020-7690 Source advisory: OSV:GHSA-VH59-V9R5-4MH4...

CVSS 6.1 | AI score 6.3 | EPSS 0.00968
Exploits 1

Zero Day Initiative
added 2020/02/11 12:0 a.m. | 31 views

Foxit PhantomPDF HTML2PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of...

CVSS 7.8 | AI score 3.2 | EPSS 0.06004
Exploits 0 | References 1