Note: This list may be incomplete. Data is provided without warranty in its original format.
7.1
CVE-2024-34342
- EPSS 5.03%
- Published 07.05.2024 15:15:09
- Last modified 21.11.2024 09:18:28
react-pdf displays PDFs in React apps. If PDF.js is used to load a malicious PDF, and PDF.js is configured with `isEvalSupported` set to `true` (which is the default value), unrestricted attacker-controlled JavaScript will be executed in the context ...
5.4
CVE-2022-4670
- EPSS 0.3%
- Published 06.02.2023 20:15:11
- Last modified 25.03.2025 20:15:16
The PDF.js Viewer WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perf...
5.4
CVE-2021-24759
- EPSS 0.18%
- Published 06.12.2021 16:15:07
- Last modified 21.11.2024 05:53:42
The PDF.js Viewer WordPress plugin before 2.0.2 does not escape some of its shortcode and Gutenberg Block attributes, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.