Invia #321231: apryse WebViewe 10.8.0 Cross Site Scriptinginformazioni

Titoloapryse WebViewe 10.8.0 Cross Site Scripting
DescrizioneThe default WebViewer [https://www.npmjs.com/package/@pdftron/webviewer] deployments allow Embedded JavaScript within PDF which can lead to cross-site scripting XSS I was able to replicate this issue on the WebViewer demo. To reproduce: Visit https://showcase.apryse.com/portfolio. Upload the attached PDF file. https://1drv.ms/b/s!AqJ7dHWS4CD_l0acw2hDjgo-C2zC?e=DOGPmq XSS will be triggered. Vandor was contacted and they will fix the issue on the next release, by disabling the embedded javascript by default.
Utente
 hamza_g (UID 68030)
Sottomissione23/04/2024 00:55 (2 anni fa)
Moderazione29/04/2024 21:40 (7 days later)
StatoAccettato
Voce VulDB262419 [Apryse WebViewer fino a 10.8.0 PDF Document cross site scripting]
Punti17

PrecedenteVisione D'ensembleIl prossimo

Interested in the pricing of exploits?

See the underground prices here!