
Stored Cross-Site Scripting in PrizmDoc 13.3 and Earlier (CVE-2018-15546)

While working on a security audit, our researcher found a security weakness affecting PrizmDoc HTML5 Document Viewer 13.3 and all previous versions. It has been assigned CVE-2018-15546.

PrizmDoc is a suite of web services, accessed through REST APIs, that provide document and image processing functionality for your application.

To reproduce the issue, you need a PDF file containing an XSS payload; you can download one from below:

Now, all you need to do is upload the file into the application and view it using the PrizmDoc viewer. Click on the javascript link and the XSS will execute.


The vendor released a fix for the vulnerability in v13.4.
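A defender-side check for the upload step described above, added here as an example (not code from this advisory or from PrizmDoc): it scans the uncompressed objects of an uploaded PDF for `/URI` link targets and flags any whose scheme is outside an allowlist. It assumes the "javascript link" is a PDF link carrying a `javascript:` URI; `ALLOWED_SCHEMES`, the function names and the sample bytes are constructed for illustration.

```python
import re

ALLOWED_SCHEMES = {"http", "https", "mailto"}  # assumption: site policy for document links
_HEX = re.compile(rb"([0-9A-Fa-f\s]*)>")

def _literal(data, i):
    """Decode the PDF literal string whose body starts at data[i] (after the '(')."""
    out, depth = bytearray(), 1
    while i < len(data):
        c = data[i:i + 1]
        if c == b"\\":
            octal = re.match(rb"[0-7]{1,3}", data[i + 1:i + 4])
            if octal:                       # \ddd octal escape, e.g. \152 is 'j'
                out.append(int(octal.group(), 8) & 0xFF)
                i += 1 + len(octal.group())
            else:                           # \n \r \t ... become a space; \( \) \\ stay literal
                nxt = data[i + 1:i + 2]
                out += b" " if nxt in b"nrtbf\r\n" else nxt
                i += 2
            continue
        depth += (c == b"(") - (c == b")")  # unescaped parentheses may nest
        if depth == 0:
            break
        out += c
        i += 1
    return bytes(out)

def link_uris(pdf):
    """Yield every /URI string value found in uncompressed PDF bytes."""
    for m in re.finditer(rb"/URI\s*([(<])", pdf):
        if m.group(1) == b"(":
            yield _literal(pdf, m.end())
        elif (h := _HEX.match(pdf, m.end())):   # hex string; '<<' (a dictionary) does not match
            digits = re.sub(rb"\s", b"", h.group(1))
            yield bytes.fromhex((digits + b"0" * (len(digits) % 2)).decode())

def _scheme(uri):
    # Browsers skip tabs/newlines/leading control bytes in the scheme: strip bytes <= 0x20.
    m = re.match(rb"([A-Za-z][A-Za-z0-9+.\-]*):", re.sub(rb"[\x00-\x20]", b"", uri))
    return m.group(1).decode().lower() if m else None

def disallowed_links(pdf):
    """Return URI values whose scheme is not allowlisted; a missing scheme also fails."""
    return [u for u in link_uris(pdf) if _scheme(u) not in ALLOWED_SCHEMES]

# Constructed sample objects, not the PDF from the advisory.
SAMPLE = (b"1 0 obj << /A << /S /URI /URI (https://example.com/a(1)) >> >> endobj\n"
          b"2 0 obj << /A << /S /URI /URI (\\152ava\\tscript:void(0)) >> >> endobj\n"
          b"3 0 obj << /A << /S /URI /URI <6A6176617363726970743A766F6964283029> >> >> endobj\n")
```

Links stored inside compressed object streams, or written with `#xx`-escaped names, are not decoded by this scan and need a full PDF parser. The check complements the upgrade to v13.4 and does not replace it.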



  • Jul 26, 2018 — Vulnerability Discovered

  • Jul 26, 2018 — Vulnerability Reported

  • Jul 27, 2018 — Vulnerability Acknowledged by Vendor

  • Jul 28, 2018 — Vendor Response: Fix Scheduled in September

  • September 10, 2018 — Vulnerability Fixed

