Parall - Jspdf CVE

Filtered by vendor Parall Subscribe

Filtered by product Jspdf

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2020-7690	1 Parall	1 Jspdf	2020-08-24	4.3 MEDIUM	6.1 MEDIUM
All affected versions <2.0.0 of package jspdf are vulnerable to Cross-site Scripting (XSS). It is possible to inject JavaScript code via the html method.
CVE-2020-7691	1 Parall	1 Jspdf	2020-07-10	4.3 MEDIUM	6.1 MEDIUM
In all versions of the package jspdf, it is possible to use <<script>script> in order to go over the filtering regex.

Vulnerabilities (CVE)