Arbitrary JavaScript Code Execution via Hyperlinks in PDFTron's WebViewer UI 8.0 or Below

Arbitrary JavaScript Code Execution via Hyperlinks in PDFTron's WebViewer UI 8.0 or Below

CVE-2021-39307 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

PDFTron's WebViewer UI 8.0 or below renders dangerous URLs as hyperlinks in supported documents, including JavaScript URLs, allowing the execution of arbitrary JavaScript code.

Learn more about our Web App Pen Testing.