CVE-2021-39307

Опубликовано: 15 сент. 2021

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

PDFTron's WebViewer UI 8.0 or below renders dangerous URLs as hyperlinks in supported documents, including JavaScript URLs, allowing the execution of arbitrary JavaScript code.

Ссылки

https://research.nccgroup.com/2021/09/14/technical-advisory-pdftron-javascript-urls-allowed-in-webviewer-ui-cve-2021-39307/
Exploit
Patch
Third Party Advisory
https://www.pdftron.com/webviewer/
Product
Vendor Advisory
https://research.nccgroup.com/2021/09/14/technical-advisory-pdftron-javascript-urls-allowed-in-webviewer-ui-cve-2021-39307/
Exploit
Patch
Third Party Advisory
https://www.pdftron.com/webviewer/
Product
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pdftron:webviewer_ui:*:*:*:*:*:*:*:*

Версия до 8.0 (включая)

EPSS

Процентиль: 68%

0.00563

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-h97p-5fjq-c93c

github

больше 3 лет назад

PDFTron’s WebViewer UI 8.0 or below renders dangerous URLs as hyperlinks in supported documents, including JavaScript URLs, allowing the execution of arbitrary JavaScript code.