CVE-2021-24759

CVE-2021-24759: PDF.js Viewer < 2.0.2 - Contributor+ Stored Cross-Site Scripting

Vendor Unknown

Product PDF.js Viewer

Weakness CWE-79 · XSS

Published December 6, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The PDF.js Viewer WordPress plugin before 2.0.2 does not escape some of its shortcode and Gutenberg Block attributes, which could allow users with a role as low as Contributor to to perform Cross-Site Scripting attacks

Key dates

02Disclosure timeline

December 6, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24759

Related vulnerabilities

04Related CVE

CVE-2018-25053 moappi Json2html json2html.js cross site scripting CVE-2025-49547 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2024-52455 WordPress GoQSmile plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2023-24814 Persisted Cross-Site Scripting in Frontend Rendering in typo3 CVE-2025-8603 Unlimited Elements For Elementor <= 1.5.148 - Authenticated (Contributor+) Stored Cross-Site Scripting