CNNVD-202601-2384 Information
CNNVD ID
CNNVD-202601-2384
Related CVE
- CNNVD Published: 2026-01-14
Description (Chinese)
html2pdf.js是Erik Koopmans个人开发者的一个将html转换为pdf的软件。 html2pdf.js 0.14.0之前版本存在跨站脚本漏洞,该漏洞源于文本源未充分清理,可能导致跨站脚本攻击。
Description (English)
html2pdf.js is a software conversion of html to pdf by Erik Koopmans Personal Developer. html2pdf.js 0.14.0 has a cross-site script loophole, which stems from the fact that the source of the text has not been adequately cleared and may result in a cross-site script attack.
Hazard Level
Medium
Vulnerability Type
跨站脚本
Affected Vendor
个人开发者
Published
2026-01-14
Last Modified
2026-02-24
References
https://github.com/eKoopmans/html2pdf.js/commit/988826e336035b39a8608182d7b73c0e3cd78c7b https://github.com/eKoopmans/html2pdf.js/issues/865 https://github.com/eKoopmans/html2pdf.js/pull/877 https://github.com/eKoopmans/html2pdf.js/security/advisories/GHSA-w8x4-x68c-m6fc https://github.com/eKoopmans/html2pdf.js/releases/tag/v0.14.0 https://access.redhat.com/security/cve/cve-2026-22787
Patch
https://github.com/eKoopmans/html2pdf.js/releases
Share on: