CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38767 – WordPress BSK PDF Manager plugin <= 3.6 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-38767
15 Jul 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BannerSky.Com BSK PDF Manager allows Stored XSS.This issue affects BSK PDF Manager: from n/a through 3.6. Vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en BannerSky.Com BSK PDF Manager permite XSS almacenado. Este problema afecta a BSK PDF Manager: desde n/a hasta 3.6. The BSK PDF Manager plugin for WordPress is vulnerabl... • https://patchstack.com/database/vulnerability/bsk-pdf-manager/wordpress-bsk-pdf-manager-plugin-3-6-cross-site-scripting-xss-vulnerability-2?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 55%CPEs: 1EXPL: 14CVE-2024-4367 – PDF.js < 4.2.67 - Arbitrary JavaScript Execution
https://notcve.org/view.php?id=CVE-2024-4367
14 May 2024 — A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. Faltaba una verificación de tipo al manejar fuentes en PDF.js, lo que permitiría la ejecución arbitraria de JavaScript en el contexto de PDF.js. Esta vulnerabilidad afecta a Firefox < 126, Firefox ESR < 115.11 y Thunderbird < 115.11. A flaw was found in Mozilla. • https://github.com/snyk-labs/pdfjs-vuln-demo • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-754: Improper Check for Unusual or Exceptional Conditions •