Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
CVE-2023-39062
Good to know:
Date: August 27, 2023
Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 allows a remote attacker to execute arbitrary code via a crafted script to the forms.php.
Language: PHP
Severity Score
Related Resources (7)
Severity Score
Weakness Type (CWE)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-79Top Fix
Upgrade Version
Upgrade to version sindla/html2pdf - no_fix;betot/html2pdf - no_fix;betot/html2pdf - 4.03;17734027950/yang - v1.1.1;jruedaq/html2pdf - no_fix;pi/pi - no_fix;pi/pi - v2.5.0-alpha1;pi/pi - v2.8.0;spipu/html2pdf - v5.2.8;spipu/html2pdf - v5.2.3;spipu/html2pdf - v5.2.1;robincoello/magia_php - 0.0.15;rdmumayan/html2pdf - 0.0.0;skimia/laposte - no_fix;robincoello/magophp - no_fix;funcional-health/html2pdf - no_fix;ensepar/html2pdf - 1.0.1;ensepar/html2pdf - 1.0.0;mrcaumartin/html2pdf - no_fix;thelia/html2pdf - no_fix;ilovegits/html2pdf - no_fix;sartajphp/sartajphp - dev-master;pramodwerea/htmltopdf - no_fix;portalix/html2pdf - v5.0.1;portalix/html2pdf - v4.5.0;intelogie/html2pdf - no_fix;robinson/factura-electronica - no_fix;juanelosrock/librerias-pdf-php74 - no_fix
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | REQUIRED |
| Scope (S): | CHANGED |
| Confidentiality (C): | LOW |
| Integrity (I): | LOW |
| Availability (A): | NONE |