Moderate severityNVD Advisory· Published Jul 6, 2020· Updated Sep 16, 2024
Cross-site Scripting (XSS)
CVE-2020-7691
Description
In all versions of the package jspdf, it is possible to use <script> in order to go over the filtering regex.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
jspdfnpm | < 2.0.0 | 2.0.0 |
Affected products
2- jspdf/jspdfdescription
Patches
Vulnerability mechanics
References
9- github.com/advisories/GHSA-3q6f-8grx-pr4vghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-7691ghsaADVISORY
- github.com/MrRio/jsPDF/commit/d0323215b1a1cd1c35bf2b213274ae1e4797715dghsaWEB
- github.com/MrRio/jsPDF/issues/2971ghsaWEB
- snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-575255ghsax_refsource_MISCWEB
- snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-575253ghsax_refsource_MISCWEB
- snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBMRRIO-575254ghsax_refsource_MISCWEB
- snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-575252ghsax_refsource_MISCWEB
- snyk.io/vuln/SNYK-JS-JSPDF-568273ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.