Moderate severityNVD Advisory· Published Aug 28, 2023· Updated Oct 2, 2024
CVE-2023-39062
CVE-2023-39062
Description
Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 allows a remote attacker to execute arbitrary code via a crafted script to the forms.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
spipu/html2pdfPackagist | < 5.2.8 | 5.2.8 |
Affected products
2- Spipu/HTML2PDFdescription
Patches
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5- github.com/advisories/GHSA-99fg-2h75-m92hghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-39062ghsaADVISORY
- github.com/sectroyer/CVEs/tree/main/CVE-2023-39062ghsaWEB
- github.com/spipu/html2pdf/blob/92afd81823d62ad95eb9d034858311bb63aeb4ac/CHANGELOG.mdghsaWEB
- github.com/spipu/html2pdf/commit/92afd81823d62ad95eb9d034858311bb63aeb4acghsaWEB
News mentions
0No linked articles in our index yet.