Cross-site scripting in jspdf - jspdf

Description

Affected versions of this package are vulnerable to Cross-site Scripting (XSS). It’s possible to inject JavaScript code via the html method.

Recommendation

Update the jspdf package to the latest compatible version. Followings are version details:

• Affected version(s): < 2.0.0
• Patched version(s): 2.0.0

References

• GHSA-vh59-v9r5-4mh4
• snyk.io
• CVE-2020-7690
• CWE-79
• CAPEC-310
• OWASP 2021-A3
• OWASP 2021-A6

Related Issues

• Cross-site scripting in jspdf - CVE-2020-7691
• Cross-site Scripting in dompurify - dompurify - CVE-2020-26870
• Cross-site Scripting in vis-timeline - CVE-2020-28487
• Cross-site Scripting (XSS) in Eclipse Theia - CVE-2020-27224

You might also like:

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:

npm

jspdf