CVE-2020-7690

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-7690

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-7690.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-7690

Aliases

GHSA-vh59-v9r5-4mh4

Related

SNYK-JS-JSPDF-575256

Published

2020-07-06T13:15:10Z

Modified

2025-01-14T08:57:26.922018Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

All affected versions <2.0.0 of package jspdf are vulnerable to Cross-site Scripting (XSS). It is possible to inject JavaScript code via the html method.

References

Affected packages

Git / github.com/mrrio/jspdf

Affected ranges

Type: GIT
Repo: https://github.com/mrrio/jspdf
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

4497d22f4bcbcc794cc8364e26b1986d787ed753

Affected versions

1.*

1.1.135

1.3.4

v.*

v.1.4.0

v0.*

v0.9.0

v1.*

v1.0.106

v1.0.115

v1.0.116

v1.0.119

v1.0.138

v1.0.150

v1.0.178

v1.0.272

v1.2.60

v1.2.61

v1.3.0

v1.3.1

v1.3.2

v1.3.3

v1.3.4

v1.3.5

v1.4.0

v1.4.1

v1.5.0

v1.5.1

v1.5.2

v1.5.3