CVE-2021-39307

CVE-2021-39307

EPSS 1.1%

PDFTron's WebViewer UI 8.0 or below renders dangerous URLs as hyperlinks in supported documents, including JavaScript URLs, allowing the execution of arbitrary JavaScript code.

Produtos afetados

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://research.nccgroup.com/2021/09/14/technical-advisory-pdftron-javascript-urls-allowed-in-webviewer-ui-cve-2021-39307/https://www.pdftron.com/webviewer/