| Title | Apryse WebViewer 10.8.0 Cross Site Scripting |
|---|---|
| Description | The default WebViewer [https://www.npmjs.com/package/@pdftron/webviewer] deployments allow Embedded JavaScript within PDF which can lead to cross-site scripting (XSS). I was able to replicate this issue on the WebViewer demo. To reproduce: Visit https://showcase.apryse.com/portfolio. Upload the attached PDF file. https://1drv.ms/b/s!AqJ7dHWS4CD_l0acw2hDjgo-C2zC?e=DOGPmq XSS will be triggered. Vendor was contacted and they will fix the issue on the next release, by disabling the embedded JavaScript by default. |
| User | hamza_g (UID 68030) |
| Submission | 2024-04-23 12:55 AM (2 years ago) |
| Moderation | 2024-04-29 09:40 PM (7 days later) |
| Status | Accepted |
| VulDB Entry | 262419 [Apryse WebViewer up to 10.8.0 PDF Document cross site scripting] |
| Points | 17 |
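
Until a viewer release with embedded JavaScript disabled is deployed, uploads can be screened before they reach the viewer. The following is an added example, not code from the submission or from Apryse: a Node.js check that counts PDF name objects declaring JavaScript or auto-run actions, including hex-escaped spellings. The function names and the sample fragments are constructed for illustration, and names inside compressed object streams are not inspected.

```javascript
// Added example: flag PDFs whose raw bytes declare JavaScript or auto-run actions.
// Limitation: names stored inside compressed object streams are not visible here.

const RISKY_NAMES = new Set(['JS', 'JavaScript', 'OpenAction', 'AA']);

// PDF names may hex-escape any character as #xx, so /J#53 is the same name as /JS.
function decodePdfName(raw) {
  return raw.replace(/#([0-9A-Fa-f]{2})/g, (_, hex) =>
    String.fromCharCode(parseInt(hex, 16)));
}

// Count risky name objects (hypothetical helper, not an Apryse API).
function findScriptIndicators(pdfBytes) {
  // latin1 maps each byte to one character, so binary stream data cannot break the scan.
  const text = Buffer.from(pdfBytes).toString('latin1');
  // A name is '/' followed by characters that are not whitespace or PDF delimiters.
  const nameRe = /\/([^\x00\t\n\f\r ()<>\[\]{}\/%]+)/g;
  const counts = {};
  for (const match of text.matchAll(nameRe)) {
    const name = decodePdfName(match[1]);
    if (RISKY_NAMES.has(name)) counts[name] = (counts[name] || 0) + 1;
  }
  return counts;
}

// Upload policy: hold any file that declares a JavaScript action.
function shouldQuarantine(pdfBytes) {
  const c = findScriptIndicators(pdfBytes);
  return Boolean(c.JS || c.JavaScript);
}

// Constructed sample fragments (not the PDF attached to the submission).
const SAMPLE_PLAIN = '%PDF-1.7\n1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n' +
  '2 0 obj << /S /JavaScript /JS (0;) >> endobj\n';
const SAMPLE_ESCAPED = '%PDF-1.7\n2 0 obj << /S /Java#53cript /J#53 (0;) >> endobj\n';
const SAMPLE_CLEAN = '%PDF-1.7\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n';

for (const [label, sample] of [['plain', SAMPLE_PLAIN], ['escaped', SAMPLE_ESCAPED],
  ['clean', SAMPLE_CLEAN]]) {
  console.log(label, findScriptIndicators(sample), shouldQuarantine(sample));
}
```

A hit on `OpenAction` or `AA` alone is reported but not quarantined, since those keys also appear in documents that only set an initial view.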