All affected versions <2.0.0 of package jspdf are vulnerable to Cross-site Scripting (XSS). It is possible to inject JavaScript code via the html method.
6.1CVSS
6.1AI Score
0.001EPSS
In all versions of the package jspdf, it is possible to use <<script>script> in order to go over the filtering regex.
6.3CVSS
6.2AI Score
0.003EPSS
This affects the package jspdf before 2.3.1. ReDoS is possible via the addImage function.
7.5CVSS
7.5AI Score
0.005EPSS