Cross-site scripting in jspdf

Description

It’s possible to use nested script tags in order to bypass the filtering regex.

Recommendation

Update the jspdf package to the latest compatible version. Followings are version details:

• Affected version(s): < 2.0.0
• Patched version(s): 2.0.0

References

• GHSA-3q6f-8grx-pr4v
• snyk.io
• CVE-2020-7691
• CWE-79
• CAPEC-310
• OWASP 2021-A3
• OWASP 2021-A6

Related Issues

• jsPDF Denial of Service (DoS) - CVE-2025-57810
• jsPDF Bypass Regular Expression Denial of Service (ReDoS) - CVE-2025-29907
• Stored XSS in Jupyter nbdime - CVE-2021-41134
• Cross-site Scripting in quill - CVE-2021-3163

Tags:

npm

jspdf