16 matches found
Cross-site Scripting (XSS)
Pyhtml2pdf is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to a lack of validation of user-supplied HTML content, which allows an attacker to access and retrieve arbitrary local files...
EUVD-2024-0679
Malicious code in bioql PyPI...
wombatoo (=1.0.0) potentially affected by CVE-2024-1647 via pyhtml2pdf (=0.0.6)
pyhtml2pdf PYPI version =0.0.6 is affected by a known vulnerability. The following packages have a transitive dependency on pyhtml2pdf and may be impacted: - wombatoo =1.0.0 Source cves: CVE-2024-1647 Source advisory: OSV:GHSA-P3RV-QJ56-2FQX...
Cross-site Scripting in Pyhtml2pdf
Pyhtml2pdf version 0.0.6 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user...
GHSA-P3RV-QJ56-2FQX Cross-site Scripting in Pyhtml2pdf
Pyhtml2pdf version 0.0.6 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user...
prezentprogramo (=3.1.0), py-allotax (>=1.0.0 <=1.0.2) +2 more potentially affected by CVE-2024-1647 via pyhtml2pdf (>=0.0.6 <=0.1.0)
pyhtml2pdf PYPI version =0.0.6, =1.0.0, =1.0.2 - rm-commander =0.3.0.dev1 - wombatoo =1.0.0 Source cves: CVE-2024-1647 Source advisory: OSV:PYSEC-2024-301...
PYSEC-2024-301
Pyhtml2pdf version 0.0.6 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user...
CVE-2024-1647
Pyhtml2pdf version 0.0.6 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user...
CVE-2024-1647
Pyhtml2pdf version 0.0.6 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user...
PYSEC-2024-301
Pyhtml2pdf version 0.0.6 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user...
Hardcoded credentials
Pyhtml2pdf version 0.0.6 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user...
Pyhtml2pdf Cross-Site Scripting Vulnerability
Pyhtml2pdf is a simple Python wrapper from the Python Foundation that converts HTML to PDF using headless Chrome via Selenium. A cross-site scripting vulnerability exists in Pyhtml2pdf version 0.0.6, which stems from not validating user-entered HTML content, resulting in an attacker being able to obta...
CVE-2024-1647 pyhtml2pdf 0.0.6 - Local File Read via Server Side XSS
Pyhtml2pdf version 0.0.6 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user...
CVE-2024-1647 pyhtml2pdf 0.0.6 - Local File Read via Server Side XSS
Pyhtml2pdf version 0.0.6 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user...
CVE-2024-1647
CVE-2024-1647 affects Pyhtml2pdf 0.0.6. The vulnerability arises from not validating user-provided HTML content, allowing an external attacker to remotely read arbitrary local files via a server-side XSS path. Impact is described as local file access with high confidentiality impact; CVSS: NETWOR...
PT-2024-18194
Name of the Vulnerable Software and Affected Versions Pyhtml2pdf version 0.0.6 Description The issue allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user. Recommendations For Pyhtml2pd...