CVE-2026-31938
jsPDF Project · jsPDF Library
jsPDF versions prior to 4.2.1 are vulnerable to HTML and script injection via the output function's options argument, leading to Cross-Site Scripting (XSS).
Executive summary
The jsPDF JavaScript library contains a critical vulnerability that allows attackers to inject malicious scripts into the browser context of victims who open generated PDFs.
Vulnerability
The output function fails to sanitize the options argument, allowing an unauthenticated attacker to provide malicious HTML or scripts. When a victim opens a PDF generated with these options, the script executes within their browser context.
Business impact
This vulnerability facilitates Cross-Site Scripting (XSS), which can lead to the theft of session cookies or sensitive data, or to modification of the user's browser environment. With a CVSS score of 9.6, the risk is critical: it allows attacker-supplied script to execute in the client's browser, potentially compromising internal web applications that use the library.
Remediation
Immediate Action: Upgrade the jsPDF library to version 4.2.1 or higher to resolve the sanitization failure in the output function.
Proactive Monitoring: Review application code to identify where user-controlled input is passed to the jsPDF library and ensure all inputs are strictly validated.
Compensating Controls: As a temporary workaround, implement robust server-side and client-side sanitization of any user input before it is passed to the output method of the jsPDF library.
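One way to implement the compensating control above, as an added example that is not code from jsPDF or from this advisory: an allowlist wrapper that rebuilds the options object before it reaches `output`. The names `sanitizeOutputOptions` and `safeOutput`, the filename pattern, and the assumption that users may only influence `filename` are illustrative.

```javascript
// Added example, not jsPDF code. Assumption: users may only influence `filename`.
const ALLOWED_KEYS = new Set(["filename"]);
// Starts alphanumeric; then letters, digits, space, dot, underscore, hyphen; ends in .pdf.
const SAFE_FILENAME = /^[A-Za-z0-9][A-Za-z0-9 ._-]{0,95}\.pdf$/;

function sanitizeOutputOptions(userOptions) {
  if (userOptions === undefined || userOptions === null) return {};
  // This wrapper treats a bare string as the requested filename.
  if (typeof userOptions === "string") userOptions = { filename: userOptions };
  if (typeof userOptions !== "object" || Array.isArray(userOptions)) {
    throw new TypeError("output options must be a string or a plain object");
  }
  const clean = {};
  for (const key of Object.keys(userOptions)) {
    // Reject rather than silently drop, so unexpected keys show up in logs.
    if (!ALLOWED_KEYS.has(key)) {
      throw new RangeError("output option not allowed: " + JSON.stringify(key));
    }
    const value = userOptions[key];
    // Values must be strings matching the allowlist pattern; markup
    // characters such as < > " ' / and control characters never match.
    if (typeof value !== "string" || !SAFE_FILENAME.test(value)) {
      throw new RangeError("unsafe value for output option: " + key);
    }
    clean[key] = value;
  }
  return clean; // fresh object: nothing from the caller's object passes through
}

// `type` is fixed by application code; only `userOptions` is untrusted.
function safeOutput(doc, type, userOptions) {
  return doc.output(type, sanitizeOutputOptions(userOptions));
}

// Constructed sample inputs (not taken from the advisory).
function demo() {
  const samples = ["report-2026.pdf", { filename: "<b>x</b>.pdf" }, { filename: "a.pdf", extra: "1" }];
  return samples.map((s) => {
    try { return { ok: true, options: sanitizeOutputOptions(s) }; }
    catch (e) { return { ok: false, reason: e.message }; }
  });
}
```

Rejections thrown by the wrapper are worth logging, since they also surface the call sites where user-controlled input reaches the library.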
Exploitation status
Public Exploit Available: false
Analyst recommendation
Organizations using jsPDF for dynamic document generation must update to version 4.2.1 immediately. Failure to do so leaves end-users vulnerable to script injection attacks that can bypass browser security boundaries and compromise sensitive session data.