16 matches found
PT-2025-29481 · Laurent Minguet · Spipu Html2Pdf
Уязвимость библиотеки spipu-html2pdf связана с недостатками механизма десериализации. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании...
Cross-Site Scripting (XSS)
spipu/html2pdf is vulnerable to Cross-Site Scripting XSS. The vulnerability exists due to lack of sanitization in forms.php which allows an attacker to inject and execute arbitrary JavaScript...
Spipu HTML2PDF vulnerable to cross-site scripting
Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 allows a remote attacker to execute arbitrary code via a crafted script to the forms.php...
GHSA-99FG-2H75-M92H Spipu HTML2PDF vulnerable to cross-site scripting
Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 allows a remote attacker to execute arbitrary code via a crafted script to the forms.php...
CVE-2023-39062
Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 allows a remote attacker to execute arbitrary code via a crafted script to the forms.php...
CVE-2023-39062
Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 allows a remote attacker to execute arbitrary code via a crafted script to the forms.php...
Cross site scripting
Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 allows a remote attacker to execute arbitrary code via a crafted script to the forms.php...
CVE-2023-39062
Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 allows a remote attacker to execute arbitrary code via a crafted script to the forms.php...
CVE-2023-39062
Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 allows a remote attacker to execute arbitrary code via a crafted script to the forms.php...
CVE-2023-39062
CVE-2023-39062 affects Spipu HTML2PDF prior to v5.2.8. A cross‑site scripting flaw in forms.php allows remote attackers to inject/execute arbitrary JavaScript. Impact is XSS with potential user impact, and mitigation is upgrading to v5.2.8 or later; no exploitable details are provided beyond the ...
GHSA-6M93-343M-3JRC Cross-site Scripting in HTML2PDF
An issue was discovered in Spipu HTML2PDF before 5.2.4. Attackers can trigger deserialization of arbitrary data via the injection of a malicious tag in the converted HTML document...
CVE-2021-45394
An issue was discovered in Spipu HTML2PDF before 5.2.4. Attackers can trigger deserialization of arbitrary data via the injection of a malicious tag in the converted HTML document...
CVE-2021-45394
An issue was discovered in Spipu HTML2PDF before 5.2.4. Attackers can trigger deserialization of arbitrary data via the injection of a malicious tag in the converted HTML document...
Deserialization of untrusted data
An issue was discovered in Spipu HTML2PDF before 5.2.4. Attackers can trigger deserialization of arbitrary data via the injection of a malicious tag in the converted HTML document...
CVE-2021-45394
CVE-2021-45394 affects Spipu HTML2PDF prior to 5.2.4. Attackers can trigger deserialization of arbitrary data by injecting a malicious tag into the HTML being converted. Impact is described as a deserialization issue; no explicit exploit details provided beyond that. Mitigation: upgrade to versi...
CVE-2021-45394
An issue was discovered in Spipu HTML2PDF before 5.2.4. Attackers can trigger deserialization of arbitrary data via the injection of a malicious tag in the converted HTML document...