Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the pdfjs-1.4.20 component under public/plugins/. An attacker can execute arbitrary JavaScript code in the context of the user's browser by injecting malicious scripts into PDF files rendered by the...

CVE-2023-0033

The PDF Viewer WordPress plugin before 1.0.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

CVE-2025-23940 WordPress jupdf pdf viewer plugin <= 0.1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in horiyuki Image Switcher image-switcher allows Stored XSS.This issue affects Image Switcher: from n/a through = 0.1.1...

CVE-2023-0033

The PDF Viewer WordPress plugin before 1.0.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

WordPress PDF Viewer Plugin < 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Software PDF Viewer Type Plugin Vulnerable versions 1.0.0 Fixed in 1.0.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0033 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 6e3ff2a57463 Credits István Márton Required...