
6 matches found

Positive Technologies
added 2026/02/27 12:0 a.m. | 1 views

PT-2026-22348

Name of the Vulnerable Software and Affected Versions: PublicCMS versions prior to 5.202506.d. Description: The software contains a stored cross-site scripting (XSS) issue. Uploaded PDF files can include JavaScript payloads that bypass security checks within the backend CmsFileUtils.java. When a user...

8.7 CVSS | 5.9 AI score | 0.00017 EPSS
Exploits: 1 | References: 5
RedhatCVE
added 2026/02/20 1:23 a.m. | 3 views

CVE-2025-55853

SoftVision webPDF before 10.0.2 is vulnerable to Server-Side Request Forgery (SSRF). The PDF converter function does not check if internal or external resources are requested in the uploaded files and allows for protocols such as http:// and file:///. This allows an attacker to upload an XML or HTM...

9.1 CVSS | 5.6 AI score | 0.0002 EPSS
Exploits: 1 | References: 1
Veracode
added 2024/12/27 4:40 a.m. | 5 views

Cross-Site Scripting (XSS)

Piranha is vulnerable to cross-site scripting (XSS). The vulnerability is due to insufficient validation of uploaded PDF files, allowing authenticated remote attackers to upload crafted files containing malicious JavaScript code that executes when a victim interacts with the file in their web...

4.7 CVSS | 6.4 AI score | 0.00112 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
CNNVD
added 2024/02/29 12:0 a.m. | 1 views

Cockpit Cross-Site Scripting Vulnerability

Cockpit is an interactive server management interface. A cross-site scripting vulnerability exists in Cockpit CMS version 2.7.0. An attacker can exploit this vulnerability to upload an infected PDF file and store a malicious JavaScript payload to be executed when the file is uploaded...

5.5 CVSS | 6.2 AI score | 0.00088 EPSS
Exploits: 0 | References: 2
NVD
added 2022/05/03 6:15 p.m. | 8 views

CVE-2022-28599

A stored cross-site scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 that allows an authenticated user to upload a malicious .pdf file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger an XSS attack...

5.4 CVSS | 0.00237 EPSS
Exploits: 1 | References: 1
Veracode
added 2017/09/19 6:41 a.m. | 6 views

Cross-site Scripting (XSS)

dompdf is vulnerable to cross-site scripting (XSS) attacks. The library does not filter user-supplied strings through uploaded PDF files, allowing a malicious user to inject and execute arbitrary web script...

6 AI score
Exploits: 0