Vulnerabilities > Thecodingmachine > Gotenberg > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-26 | CVE-2020-14161 | Cross-site Scripting vulnerability in Thecodingmachine Gotenberg It is possible to inject HTML and/or JavaScript in the HTML to PDF conversion in Gotenberg through 6.2.1 via the /convert/html endpoint. | 6.1 |
| 2021-02-26 | CVE-2021-23345 | Server-Side Request Forgery (SSRF) vulnerability in Thecodingmachine Gotenberg All versions of package github.com/thecodingmachine/gotenberg are vulnerable to Server-side Request Forgery (SSRF) via the /convert/html endpoint when the src attribute of an HTML element refers to an internal system file, such as <iframe src='file:///etc/passwd'>. | 5.3 |