Описание
A cross-site scripting (XSS) vulnerability exists in the PDF preview functionality of uTools thru 7.1.1. When a user previews a specially crafted PDF file, embedded JavaScript code executes within the application's privileged context, potentially allowing attackers to steal sensitive data or perform unauthorized actions.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 7.1.1 (включая)
cpe:2.3:a:u-tools:utools:*:*:*:*:*:*:*:*
EPSS
Процентиль: 7%
0.00028
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
5 месяцев назад
A cross-site scripting (XSS) vulnerability exists in the PDF preview functionality of uTools thru 7.1.1. When a user previews a specially crafted PDF file, embedded JavaScript code executes within the application's privileged context, potentially allowing attackers to steal sensitive data or perform unauthorized actions.
EPSS
Процентиль: 7%
0.00028
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79