Vulmon
dompdf dompdf vulnerabilities and exploits
NA
CVE-2023-23924
Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 can be bypassed on SVG parsing by passing `<image>` tags with uppercase letters. This may lead to arbitrary object unserialize on PHP < 8, through the `phar` URL wrapper. An attacker can exploit the v...
Dompdf Project Dompdf 2.0.1
1 Github repository
7.5
CVSSv2
CVE-2014-6235
Unspecified vulnerability in the ke DomPDF extension prior to 0.0.5 for TYPO3 allows remote malicious users to execute arbitrary code via unknown vectors.
Kennziffer Ke Dompdf
1 EDB exploit
7.5
CVSSv2
CVE-2010-4879
PHP remote file inclusion vulnerability in dompdf.php in dompdf 0.6.0 beta1 allows remote malicious users to execute arbitrary PHP code via a URL in the input_file parameter.
Digitaljunkies Dompdf 0.6.0
1 EDB exploit
NA
CVE-2023-50251
php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when parsing the attributes passed to a `use` tag inside an svg document, an attacker can cause the system to go to an infinite recursion. Depending on the system configuration and attack pattern this...
Dompdf Php-svg-lib
NA
CVE-2023-50252
php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when handling `<use>` tag that references an `<image>` tag, it merges the attributes from the `<use>` tag to the `<image>` tag. The problem pops up especially when the `href` a...
Dompdf Php-svg-lib
NA
CVE-2024-25117
php-svg-lib is a scalable vector graphics (SVG) file parsing/rendering library. Prior to version 0.5.2, php-svg-lib fails to validate that font-family doesn't contain a PHAR url, which might lead to RCE on PHP < 8.0, and doesn't validate if external references are a...
4.3
CVSSv2
CVE-2021-40925
Cross-site scripting (XSS) vulnerability in dompdf/dompdf/www/demo.php in faveo-helpdesk v1.11.0 and below allows remote malicious users to inject arbitrary web script or HTML via the $_SERVER["PHP_SELF"] parameter.
Faveohelpdesk Faveo
7.5
CVSSv2
CVE-2021-43691
tripexpress v1.1 is affected by a path manipulation vulnerability in file system/helpers/dompdf/load_font.php. The variable src comes from $_SERVER["argv"], resulting in a path manipulation vulnerability.
Tripexpress Project Tripexpress 1.1
3.5
CVSSv2
CVE-2020-36115
Stored Cross Site Scripting (XSS) vulnerability in EGavilan Media CRUD Operation with PHP, MySQL, Bootstrap, and Dompdf via First Name or Last Name parameter in the 'Add New Record Feature'.
Egavilanmedia Phpcrud 1.0
NA
CVE-2022-4321
The PDF Generator for WordPress plugin prior to 1.1.2 includes a vendored dompdf example file which is susceptible to Reflected Cross-Site Scripting and could be used against high privilege users such as admin.
Wpswings Pdf Generator For Wordpress
1 Github repository