| Title | Stirling-Tools Stirling-PDF - Cross Site Scripting |
|---|---|
| Description | The markdown-to-pdf feature in Stirling PDF https://github.com/Stirling-Tools/Stirling-PDF does not sanitize the input properly. After entering the payload = `[a](data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K)` it gets triggered, thus showing that it is vulnerable to cross site scripting. |
| Source | ⚠️ https://drive.google.com/file/d/1J4TnzgzKOEvMck3kpaFuR6zfSVt7YgKu/view?usp=sharing |
| User | nilesh (UID 73953) |
| Submission | 09/11/2024 14:13 (2 years ago) |
| Moderation | 09/21/2024 10:00 (10 days later) |
| Status | Accepted |
| VulDB entry | 278242 [Stirling-Tools Stirling-PDF up to 0.28.3 Markdown-to-PDF cross site scripting] |
| Points | 17 |