40 matches found
CVE-2026-31938 jsPDF has HTML Injection in New Window paths
jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user control of the options argument of the output function allows attackers to inject arbitrary HTML such as scripts into the browser context the created PDF is opened in. The vulnerability can be exploited in the followi...
CVE-2026-31938 jsPDF has HTML Injection in New Window paths
jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user control of the options argument of the output function allows attackers to inject arbitrary HTML such as scripts into the browser context the created PDF is opened in. The vulnerability can be exploited in the followi...
CVE-2026-31938 jsPDF has HTML Injection in New Window paths
jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user control of the options argument of the output function allows attackers to inject arbitrary HTML such as scripts into the browser context the created PDF is opened in. The vulnerability can be exploited in the followi...
CVE-2026-31938
jsPDF prior to 4.2.1 is vulnerable: unsanitized user input passed to the output method’s options can inject HTML/scripts into the browser context when a PDF is opened. The issue is triggered when an attacker provides values via a web interface, which are forwarded to the victim’s browser and proc...
jsPDF has HTML Injection in New Window paths
Impact User control of the options argument of the output function allows attackers to inject arbitrary HTML such as scripts into the browser context the created PDF is opened in. The affected overloads and options are: "pdfobjectnewwindow": the pdfObjectUrl option and the entire options object,...
CVE-2022-1583
The External Links in New Window / New Tab WordPress plugin before 1.43 does not ensure window.opener is set to "null" when links to external sites are clicked, which may enable tabnabbing attacks to occur...
CVE-2022-1582
The External Links in New Window / New Tab WordPress plugin before 1.43 does not properly escape URLs it concatenates to onclick event handlers, which makes Stored Cross-Site Scripting attacks possible...
CVE-2013-2317
The Sleipnir Mobile application 2.9.1 and earlier and Sleipnir Mobile Black Edition application 2.9.1 and earlier for Android allow remote attackers to spoof the address bar via vectors involving the opening of a new window...
Mozilla: Sandboxed iframes were able to bypass sandbox restrictions to open a new window
The Mozilla Foundation Security Advisory describes this flaw as: By tricking the browser with a X-Frame-Options header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window...
Mozilla: Sandboxed iframes were able to bypass sandbox restrictions to open a new window
The Mozilla Foundation Security Advisory describes this flaw as: By tricking the browser with a X-Frame-Options header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window...
Mozilla: Sandboxed iframes were able to bypass sandbox restrictions to open a new window
The Mozilla Foundation Security Advisory describes this flaw as: By tricking the browser with a X-Frame-Options header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window...
Mozilla: Sandboxed iframes were able to bypass sandbox restrictions to open a new window
The Mozilla Foundation Security Advisory describes this flaw as: By tricking the browser with a X-Frame-Options header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window...
Mozilla: Sandboxed iframes were able to bypass sandbox restrictions to open a new window
The Mozilla Foundation Security Advisory describes this flaw as: By tricking the browser with a X-Frame-Options header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window...
Mozilla: Sandboxed iframes were able to bypass sandbox restrictions to open a new window
The Mozilla Foundation Security Advisory describes this flaw as: By tricking the browser with a X-Frame-Options header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window...
Mozilla: Sandboxed iframes were able to bypass sandbox restrictions to open a new window
The Mozilla Foundation Security Advisory describes this flaw as: By tricking the browser with a X-Frame-Options header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window...
Mozilla: Sandboxed iframes were able to bypass sandbox restrictions to open a new window
The Mozilla Foundation Security Advisory describes this flaw as: By tricking the browser with a X-Frame-Options header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window...
Mozilla: Sandboxed iframes were able to bypass sandbox restrictions to open a new window
The Mozilla Foundation Security Advisory describes this flaw as: By tricking the browser with a X-Frame-Options header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window...
Mozilla: Sandboxed iframes were able to bypass sandbox restrictions to open a new window
The Mozilla Foundation Security Advisory describes this flaw as: By tricking the browser with a X-Frame-Options header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window...
Mozilla: Sandboxed iframes were able to bypass sandbox restrictions to open a new window
The Mozilla Foundation Security Advisory describes this flaw as: By tricking the browser with a X-Frame-Options header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window...
Mozilla: Sandboxed iframes were able to bypass sandbox restrictions to open a new window
The Mozilla Foundation Security Advisory describes this flaw as: By tricking the browser with a X-Frame-Options header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window...