Enviar #321231: apryse WebViewe 10.8.0 Cross Site Scriptinginformación

Títuloapryse WebViewe 10.8.0 Cross Site Scripting
DescripciónThe default WebViewer [https://www.npmjs.com/package/@pdftron/webviewer] deployments allow Embedded JavaScript within PDF which can lead to cross-site scripting XSS I was able to replicate this issue on the WebViewer demo. To reproduce: Visit https://showcase.apryse.com/portfolio. Upload the attached PDF file. https://1drv.ms/b/s!AqJ7dHWS4CD_l0acw2hDjgo-C2zC?e=DOGPmq XSS will be triggered. Vandor was contacted and they will fix the issue on the next release, by disabling the embedded javascript by default.
Usuario
 hamza_g (UID 68030)
Sumisión2024-04-23 00:55 (hace 2 años)
Moderación2024-04-29 21:40 (7 days later)
EstadoAceptado
Entrada de VulDB262419 [Apryse WebViewer hasta 10.8.0 PDF Document secuencias de comandos en sitios cruzados]
Puntos17

AnteriorVisión De ConjuntoPróximo

Do you know our Splunk app?

Download it now for free!