Описание
Cross-site scripting in jspdf
Affected versions of this package are vulnerable to Cross-site Scripting (XSS). It's possible to inject JavaScript code via the html method.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2020-7690
- https://github.com/MrRio/jsPDF/issues/2795
- https://github.com/parallax/jsPDF/issues/2862
- https://github.com/parallax/jsPDF/issues/2971
- https://github.com/parallax/jsPDF/pull/2806
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-575260
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-575258
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBMRRIO-575259
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-575257
- https://snyk.io/vuln/SNYK-JS-JSPDF-575256
Пакеты
Наименование
jspdf
npm
Затронутые версииВерсия исправления
< 2.0.0
2.0.0
Связанные уязвимости
CVSS3: 6.1
nvd
больше 5 лет назад
All affected versions <2.0.0 of package jspdf are vulnerable to Cross-site Scripting (XSS). It is possible to inject JavaScript code via the html method.
CVSS3: 6.1
debian
больше 5 лет назад
All affected versions <2.0.0 of package jspdf are vulnerable to Cross- ...