CVE-2026-22787
CVE-2026-22787 affects html2pdf.js. Prior to version 0.14.0, passing a text source (not an element) could trigger an XSS because the text wasn’t sufficiently sanitized before attaching to the DOM. The vulnerability is limited to client-side rendering of HTML-to-PDF via html2pdf.js, with potential...