Lucene search
K

5 matches found

Snyk
Snyk
added 2026/03/20 8:45 p.m.9 views

Cross-site Scripting (XSS)

Overview @pdfme/schemas is a TypeScript base PDF generator and React base UI. Open source, developed by the community, and completely free to use under the MIT license! Affected versions of this package are vulnerable to Cross-site Scripting XSS in the multiVariableText property panel when...

5.5CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/03/18 4:10 p.m.8 views

Cross-site Scripting (XSS)

Overview @pdfme/schemas is a TypeScript base PDF generator and React base UI. Open source, developed by the community, and completely free to use under the MIT license! Affected versions of this package are vulnerable to Cross-site Scripting XSS via the innerHTML method. An attacker can execute...

6.1CVSS5.8AI score
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/03/18 4:10 p.m.7 views

@archbase/admin (>=4.0.0 <=4.0.21), @archbase/advanced (>=4.0.0 <=4.0.21) +10 more potentially affected by unknown CVE via @pdfme/schemas (>=5.5.10 <=5.5.8)

@pdfme/schemas NPM version =5.5.10, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =1.0.11, =0.20.0, =1.0.0, =0.31.0-EXPO-315-Marcelo-Tinelli.4, =0.0.1, =0.0.4 Source cves: unknown CVE Source advisory: SNYK:JS-PDFMESCHEMAS-15746949...

5.5AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/03/18 4:10 p.m.17 views

Cross-Site Scripting (XSS) via SVG Schema innerHTML Injection in @pdfme/schemas

Summary The SVG schema plugin in @pdfme/schemas renders user-supplied SVG content using container.innerHTML = value without any sanitization, enabling arbitrary JavaScript execution in the user's browser. Details In packages/schemas/src/graphics/svg.ts, line 87, the SVG schema's ui renderer assig...

6AI score
Exploits0References2Affected Software1
vulnersOsv
vulnersOsv
added 2026/03/18 4:10 p.m.9 views

@archbase/admin (>=4.0.0 <=4.0.21), @archbase/advanced (>=4.0.0 <=4.0.21) +10 more potentially affected by unknown CVE via @pdfme/schemas (>=5.5.10 <=5.5.8)

@pdfme/schemas NPM version =5.5.10, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =1.0.11, =0.20.0, =1.0.0, =0.31.0-EXPO-315-Marcelo-Tinelli.4, =0.0.1, =0.0.4 Source cves: unknown CVE Source advisory: SNYK:JS-PDFMESCHEMAS-15746948...

5.5AI score
Exploits0
Rows per page
Query Builder