cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-4670,https://securityvulnerability.io/vulnerability/CVE-2022-4670,PDF.js Viewer < 2.1.8 - Contributor+ Stored XSS via Shortcode,"The PDF.js Viewer WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.",Wordpress,PDF.js Viewer,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2023-02-06T19:59:43.771Z,0
CVE-2021-24759,https://securityvulnerability.io/vulnerability/CVE-2021-24759,PDF.js Viewer < 2.0.2 - Contributor+ Stored Cross-Site Scripting,"The PDF.js Viewer WordPress plugin before 2.0.2 does not escape some of its shortcode and Gutenberg Block attributes, which could allow users with a role as low as Contributor to to perform Cross-Site Scripting attacks",Wordpress,PDF.js Viewer,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2021-12-06T15:55:26.000Z,0