@pdfme/schemas@5.5.8

TypeScript-based PDF generator and React-based UI. Open source, developed by the community, and completely free to use under the MIT license!

  • latest version

    6.0.6

  • latest non-vulnerable version

  • first published

    2 years ago

  • latest version published

    23 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the @pdfme/schemas package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • M
    Cross-site Scripting (XSS)

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the innerHTML property. An attacker can execute arbitrary JavaScript in the user's browser by supplying crafted SVG content containing malicious scripts or event handlers.

    How to fix Cross-site Scripting (XSS)?

    Upgrade @pdfme/schemas to version 5.5.9 or higher.

    <5.5.9
    • M
    Cross-site Scripting (XSS)

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via assignment to selectElement.innerHTML. An attacker can execute arbitrary JavaScript in the browser of users who load a malicious template by injecting specially crafted option values into the template JSON.

    How to fix Cross-site Scripting (XSS)?

    Upgrade @pdfme/schemas to version 5.5.9 or higher.

    <5.5.9
    • L
    Cross-site Scripting (XSS)

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the multiVariableText property panel, where unsanitized i18n label values are concatenated into innerHTML. By supplying malicious label overrides through the options.labels parameter, an attacker can execute arbitrary JavaScript in the context of users who open the Designer and select a multiVariableText field without {variables} in its text.

    How to fix Cross-site Scripting (XSS)?

    Upgrade @pdfme/schemas to version 5.5.10 or higher.

    <5.5.10