CVE-2026-34071

Medium CVSS: 5.4

Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In version 2.7.3, the /api/v1/convert/eml/pdf endpoint with parameter downloadHtml=true returns unsanitized HTML from the email body with Content-Type: text/html. An attacker who sends a malicious email to a Stirling-PDF user can achieve JavaScript execution when that user exports the email using the "Download HTML intermediate file" feature. Version 2.8.0 fixes the issue.

Vendor

Stirlingpdf

Product

Stirling Pdf

CWE

CWE-79

Yayın Tarihi

2026-03-26 17:16:41

Güncelleme

2026-03-31 21:19:24

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-79 Stirling Pdf MEDIUM Stirlingpdf 2026

Referanslar

https://github.com/Stirling-Tools/Stirling-PDF/security/advisories/GHSA-xmhg-fv84-jgfc

Benzer Kayıtlar

High

CVE-2025-55161

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0,…

High

CVE-2025-55151

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0,…

High

CVE-2025-55150

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0,…

High

CVE-2025-46568

Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Prior to ve…