Arbitrary JavaScript Code Execution via Hyperlinks in PDFTron's WebViewer UI 8.0 or Below
CVE-2021-39307 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
PDFTron's WebViewer UI 8.0 or below renders dangerous URLs as hyperlinks in supported documents, including JavaScript URLs, allowing the execution of arbitrary JavaScript code.
Learn more about our Web App Pen Testing.