jspdf Cross-site Scripting (XSS)

kempsteven / vue-html2pdf

vue-html2pdf converts any vue component or element into PDF, vue-html2pdf is basically a vue wrapper only and uses html2pdf.js behind the scenes.

https://www.npmjs.com/package/vue-html2pdf

MIT License

432 stars 75 forks source link

jspdf Cross-site Scripting (XSS) #163

Open skt1598 opened 1 year ago

skt1598 commented 1 year ago

Describe the bug Introduced through: vue-html2pdf@1.8.0 › html2pdf.js@0.9.3 › jspdf@1.4.1 Affected versions of this package are vulnerable to Cross-site Scripting (XSS). It's possible to inject JavaScript code via the html method. It's possible to use < Githubissues.

Githubissues is a development platform for aggregating issues.