Skip to main content

Bentopdf

1 CVEs product

Monthly

CVE-2026-41653 HIGH PATCH This Week

Cross-site scripting in BentoPDF's Markdown to PDF Tool allows remote attackers to execute arbitrary JavaScript when users interact with malicious Markdown content. Affects all versions prior to 2.8.3. Vendor-released patch version 2.8.3 available with immediate upgrade recommended by maintainer. No public exploit identified at time of analysis, though vulnerability was responsibly disclosed by independent researcher. CVSS 7.0 with network attack vector but requires user interaction, reducing automation potential.

XSS Bentopdf
NVD GitHub
CVSS 4.0
7.0
EPSS
0.0%
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Cross-site scripting in BentoPDF's Markdown to PDF Tool allows remote attackers to execute arbitrary JavaScript when users interact with malicious Markdown content. Affects all versions prior to 2.8.3. Vendor-released patch version 2.8.3 available with immediate upgrade recommended by maintainer. No public exploit identified at time of analysis, though vulnerability was responsibly disclosed by independent researcher. CVSS 7.0 with network attack vector but requires user interaction, reducing automation potential.

XSS Bentopdf
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy