Description
All affected versions <2.0.0 of package jspdf are vulnerable to Cross-site Scripting (XSS). It is possible to inject JavaScript code via the html method.
Remediation
References
https://github.com/MrRio/jsPDF/issues/2795
https://snyk.io/vuln/SNYK-JS-JSPDF-575256
Related Vulnerabilities
CVE-2015-0266 Vulnerability in maven package org.apache.ranger:ranger
CVE-2019-5444 Vulnerability in npm package serve-here.js
CVE-2022-45398 Vulnerability in maven package org.zeroturnaround:cluster-stats
CVE-2012-5784 Vulnerability in maven package org.apache.axis:axis
CVE-2022-41710 Vulnerability in npm package electron-markdownify