Vulnerability Description
PDFTron's WebViewer UI 8.0 or below renders dangerous URLs as hyperlinks in supported documents, including JavaScript URLs, allowing the execution of arbitrary JavaScript code.
CVSS Score
6.1
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pdftron | Webviewer Ui | <= 8.0 |
Related Weaknesses (CWE)
References
- https://research.nccgroup.com/2021/09/14/technical-advisory-pdftron-javascript-uExploitPatchThird Party Advisory
- https://www.pdftron.com/webviewer/ProductVendor Advisory
- https://research.nccgroup.com/2021/09/14/technical-advisory-pdftron-javascript-uExploitPatchThird Party Advisory
- https://www.pdftron.com/webviewer/ProductVendor Advisory
FAQ
What is CVE-2021-39307?
CVE-2021-39307 is a vulnerability with a CVSS score of 6.1 (MEDIUM). PDFTron's WebViewer UI 8.0 or below renders dangerous URLs as hyperlinks in supported documents, including JavaScript URLs, allowing the execution of arbitrary JavaScript code.
How severe is CVE-2021-39307?
CVE-2021-39307 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-39307?
Check the references section above for vendor advisories and patch information. Affected products include: Pdftron Webviewer Ui.