Description
All affected versions <2.0.0 of package jspdf are vulnerable to Cross-site Scripting (XSS). It is possible to inject JavaScript code via the html method.
Remediation
References
https://snyk.io/vuln/SNYK-JS-JSPDF-575256
https://github.com/MrRio/jsPDF/issues/2795
Related Vulnerabilities
CVE-2023-22457 Vulnerability in maven package org.xwiki.contrib:application-ckeditor-plugins
CVE-2022-39259 Vulnerability in maven package io.github.skylot:jadx-plugins-api
CVE-2016-10707 Vulnerability in maven package org.webjars.npm:jquery
CVE-2022-25875 Vulnerability in maven package org.webjars.npm:svelte