Description
Cross-site scripting in jspdf
It's possible to use nested script tags in order to bypass the filtering regex.
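
The bypass described above, as an added example that is not jsPDF's own code. The `SCRIPT_TAG` regex is an assumed stand-in for a single-pass script-tag filter (not the project's actual regex), and all function names are hypothetical.

```javascript
// Added illustration; not jsPDF code. SCRIPT_TAG is an assumed stand-in
// for a single-pass "remove script tags" filter.
const SCRIPT_TAG = /<\/?script[^>]*>/gi;

// Single-pass removal: deleting the inner tag splices the surrounding
// fragments into a new tag that the filter never re-examines.
function naiveStrip(input) {
  return input.replace(SCRIPT_TAG, "");
}

// Repeating until the output stops changing closes this particular gap,
// but it remains a denylist of one tag name.
function stripUntilStable(input) {
  let prev;
  let out = input;
  do {
    prev = out;
    out = out.replace(SCRIPT_TAG, "");
  } while (out !== prev);
  return out;
}

// More robust: encode instead of delete, so no markup survives at all.
function escapeHtml(input) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(input).replace(/[&<>"']/g, (c) => map[c]);
}

// Regression check for any sanitizer: its output must hold no script tag.
function containsScriptTag(s) {
  return /<\/?script[^>]*>/i.test(s);
}

const sample = "<<script>script>"; // the pattern quoted in the advisory text

console.log("single pass  :", JSON.stringify(naiveStrip(sample)));
console.log("until stable :", JSON.stringify(stripUntilStable(sample)));
console.log("escaped      :", JSON.stringify(escapeHtml(sample)));
```

Running `containsScriptTag` over a sanitizer's output for nested inputs like `sample` makes a useful regression test when upgrading past the affected versions.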
References
- https://nvd.nist.gov/vuln/detail/CVE-2020-7691
- https://github.com/MrRio/jsPDF/issues/2971
- https://github.com/MrRio/jsPDF/commit/d0323215b1a1cd1c35bf2b213274ae1e4797715d
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-575255
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-575253
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBMRRIO-575254
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-575252
- https://snyk.io/vuln/SNYK-JS-JSPDF-568273
Packages
Name: jspdf (npm)
Affected versions: < 2.0.0
Fixed version: 2.0.0
Related vulnerabilities
CVSS3: 6.3
nvd
more than 5 years ago
In all versions of the package jspdf, it is possible to use <<script>script> in order to go over the filtering regex.
CVSS3: 6.3
debian
more than 5 years ago
In all versions of the package jspdf, it is possible to use <<script>s ...