CVE-2024-56527

CVE-2024-56527

Vendor Tecnick

Product tcpdf

Weakness CWE-79 · XSS

Published December 27, 2024

Last update November 3, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message.

Key dates

02Disclosure timeline

December 27, 2024 CVE published

November 3, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-56527 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-46930 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2025-46250 WordPress VForm plugin <= 3.1.14 - Cross Site Scripting (XSS) Vulnerability CVE-2025-13738 Easy Table of Contents <= 2.0.78 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-5945 WP SVG Images <= 4.3 - Authenticated (Author+) Stored Cross-Site Scripting via SVG CVE-2025-26561 WordPress Elfsight Yottie Lite Plugin <= 1.3.3 - Cross Site Scripting (XSS) vulnerability