jspdf Cross-site Scripting (XSS)
skt1598 opened this issue · 0 comments
Describe the bug
Introduced through: vue-html2pdf@1.8.0 › html2pdf.js@0.9.3 › jspdf@1.4.1
Affected versions of this package are vulnerable to Cross-site Scripting (XSS). It's possible to inject JavaScript code via the html method.
It's possible to use <<script>script> in order to go over the filtering regex.
Package Version
1.8.0
Additional context
Ref: https://security.snyk.io/vuln/SNYK-JS-JSPDF-575256, https://security.snyk.io/vuln/SNYK-JS-JSPDF-568273
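Why a single-pass tag-stripping regex lets the nested pattern quoted in the issue through, shown next to two mitigations. This is an added example, not part of the original issue and not jsPDF's code: the regex, the function names and the sample string are assumptions constructed for illustration.

```javascript
// Hypothetical stand-in for a "strip script tags" filter (not jsPDF's source).
const SCRIPT_TAG = /<\/?script[^>]*>/gi;

// Weak: one pass. Deleting the inner tag splices the outer pieces
// ("<" + "script>") into a new tag that the filter never sees again.
function stripOnce(html) {
  return html.replace(SCRIPT_TAG, '');
}

// Better, but still a denylist: repeat until the output stops changing,
// so tags created by the previous pass are removed as well.
function stripUntilStable(html) {
  let prev;
  do {
    prev = html;
    html = html.replace(SCRIPT_TAG, '');
  } while (html !== prev);
  return html;
}

// Preferred for untrusted values placed into markup that is later rendered:
// encode them so they can only ever be treated as text.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Non-global regex so repeated calls do not depend on lastIndex state.
function containsScriptTag(html) {
  return /<\/?script[^>]*>/i.test(html);
}

// Constructed sample input following the pattern quoted in the issue.
const sample = '<<script>script>alert(1)<</script>/script>';

for (const [name, fn] of [
  ['stripOnce', stripOnce],
  ['stripUntilStable', stripUntilStable],
  ['escapeHtml', escapeHtml],
]) {
  const out = fn(sample);
  console.log(`${name}: ${JSON.stringify(out)} scriptTag=${containsScriptTag(out)}`);
}
```

Escaping untrusted values before they reach the markup does not depend on the library's filter, so it remains useful while the transitive dependency is still pinned to the affected version.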