إرسال #321231: apryse WebViewe 10.8.0 Cross Site Scriptingالمعلومات

عنوان	apryse WebViewe 10.8.0 Cross Site Scripting
الوصف	The default WebViewer [https://www.npmjs.com/package/@pdftron/webviewer] deployments allow Embedded JavaScript within PDF which can lead to cross-site scripting XSS I was able to replicate this issue on the WebViewer demo. To reproduce: Visit https://showcase.apryse.com/portfolio. Upload the attached PDF file. https://1drv.ms/b/s!AqJ7dHWS4CD_l0acw2hDjgo-C2zC?e=DOGPmq XSS will be triggered. Vandor was contacted and they will fix the issue on the next release, by disabling the embedded javascript by default.
المستخدم	hamza_g (UID 68030)
ارسال	23/04/2024 12:55 AM (2 سنوات منذ)
الاعتدال	29/04/2024 09:40 PM (7 days later)
الحالة	تمت الموافقة
إدخال VulDB	262419 [Apryse WebViewer حتى 10.8.0 PDF Document البرمجة عبر المواقع]
النقاط	17

Want to know what is going to be exploited?

We predict KEV entries!