| Title | relaxedjs - Injection |
|---|
| Description | The RelaxedJS tool (https://github.com/RelaxedJS/ReLaXed) does not sanitize JavaScript code when converting from Pug to PDF. As a result, an attacker could inject malicious code, which would be rendered in the PDF output. |
|---|
| Source | ⚠️ https://drive.google.com/file/d/1Ll1dRwQds8987S-l5o2iJu4MQRG-p4-A/view?usp=sharing |
|---|
| User | nilesh (UID 73953) |
|---|
| Submission | 09/19/2024 13:07 (2 years ago) |
|---|
| Moderation | 09/27/2024 11:46 (8 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 278676 [RelaxedJS ReLaXed up to 0.2.2 Pug to PDF Converter cross site scripting] |
|---|
| Points | 14 |
|---|