All affected versions <2.0.0 of package jspdf are vulnerable to Cross-site Scripting (XSS). It is possible to inject JavaScript code via the html method.
References
Link | Resource |
---|---|
https://github.com/MrRio/jsPDF/issues/2795 | Exploit Third Party Advisory |
https://snyk.io/vuln/SNYK-JS-JSPDF-575256 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: snyk
Published: 2020-07-06T12:25:21
Updated: 2020-08-24T13:14:46
Reserved: 2020-01-21T00:00:00
Link: CVE-2020-7690
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-07-06T13:15:10.610
Modified: 2023-02-02T19:51:43.687
Link: CVE-2020-7690
JSON object: View
Redhat Information
No data.
CWE