CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2021-23353 – Regular Expression Denial of Service (ReDoS)
https://notcve.org/view.php?id=CVE-2021-23353
09 Mar 2021 — This affects the package jspdf before 2.3.1. ReDoS is possible via the addImage function. Esto afecta al paquete jspdf versiones anteriores a 2.3.1. ReDoS es posible por medio de la función addImage • https://github.com/MrRio/jsPDF/commit/d8bb3b39efcd129994f7a3b01b632164144ec43e •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2020-7690
https://notcve.org/view.php?id=CVE-2020-7690
06 Jul 2020 — All affected versions <2.0.0 of package jspdf are vulnerable to Cross-site Scripting (XSS). It is possible to inject JavaScript code via the html method. Todas las versiones afectadas anteriores a la 2.0.0 del paquete jspdf son vulnerables a Cross-site Scripting (XSS). Es posible inyectar código JavaScript mediante el método html. • https://github.com/MrRio/jsPDF/issues/2795 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 5CVE-2020-7691 – Cross-site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2020-7691
06 Jul 2020 — In all versions of the package jspdf, it is possible to use <<script>script> in order to go over the filtering regex. En todas las versiones del paquete jspdf, es posible usar ((script)script) con el fin de repasar el filtrado regex • https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-575255 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •