{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34071", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-25T16:21:40.867Z", "datePublished": "2026-03-26T17:00:08.783Z", "dateUpdated": "2026-03-26T19:52:10.821Z"}, "containers": {"cna": {"title": "Stirling-PDF has Stored Cross Site Scripting (XSS) via EML-to-HTML Export", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/Stirling-Tools/Stirling-PDF/security/advisories/GHSA-xmhg-fv84-jgfc", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Stirling-Tools/Stirling-PDF/security/advisories/GHSA-xmhg-fv84-jgfc"}], "affected": [{"vendor": "Stirling-Tools", "product": "Stirling-PDF", "versions": [{"version": "= 2.7.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-26T17:00:08.783Z"}, "descriptions": [{"lang": "en", "value": "Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In version 2.7.3, the /api/v1/convert/eml/pdf endpoint with parameter downloadHtml=true returns unsanitized HTML from the email body with Content-Type: text/html. An attacker who sends a malicious email to a Stirling-PDF user can achieve JavaScript execution when that user exports the email using the \"Download HTML intermediate file\" feature. Version 2.8.0 fixes the issue."}], "source": {"advisory": "GHSA-xmhg-fv84-jgfc", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34071", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-26T19:48:44.012488Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T19:52:10.821Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34071", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-26T19:48:44.012488Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T19:50:38.617Z"}}], "cna": {"title": "Stirling-PDF has Stored Cross Site Scripting (XSS) via EML-to-HTML Export", "source": {"advisory": "GHSA-xmhg-fv84-jgfc", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "Stirling-Tools", "product": "Stirling-PDF", "versions": [{"status": "affected", "version": "= 2.7.3"}]}], "references": [{"url": "https://github.com/Stirling-Tools/Stirling-PDF/security/advisories/GHSA-xmhg-fv84-jgfc", "name": "https://github.com/Stirling-Tools/Stirling-PDF/security/advisories/GHSA-xmhg-fv84-jgfc", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In version 2.7.3, the /api/v1/convert/eml/pdf endpoint with parameter downloadHtml=true returns unsanitized HTML from the email body with Content-Type: text/html. An attacker who sends a malicious email to a Stirling-PDF user can achieve JavaScript execution when that user exports the email using the \"Download HTML intermediate file\" feature. Version 2.8.0 fixes the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-26T17:00:08.783Z"}}}, "cveMetadata": {"cveId": "CVE-2026-34071", "state": "PUBLISHED", "dateUpdated": "2026-03-26T19:52:10.821Z", "dateReserved": "2026-03-25T16:21:40.867Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-26T17:00:08.783Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In version 2.7.3, the /api/v1/convert/eml/pdf endpoint with parameter downloadHtml=true returns unsanitized HTML from the email body with Content-Type: text/html. An attacker who sends a malicious email to a Stirling-PDF user can achieve JavaScript execution when that user exports the email using the \"Download HTML intermediate file\" feature. Version 2.8.0 fixes the issue."}, {"lang": "es", "value": "Stirling-PDF es una aplicaci\u00f3n web alojada localmente que le permite realizar varias operaciones en archivos PDF. En la versi\u00f3n 2.7.3, el endpoint /API/v1/convert/eml/pdf con el par\u00e1metro downloadHtml=true devuelve HTML sin sanear del cuerpo del correo electr\u00f3nico con Content-Type: text/html. Un atacante que env\u00eda un correo electr\u00f3nico malicioso a un usuario de Stirling-PDF puede lograr la ejecuci\u00f3n de JavaScript cuando ese usuario exporta el correo electr\u00f3nico utilizando la funci\u00f3n 'Descargar archivo HTML intermedio'. La versi\u00f3n 2.8.0 corrige el problema."}], "id": "CVE-2026-34071", "lastModified": "2026-03-30T13:26:50.827", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "[email protected]", "type": "Secondary"}]}, "published": "2026-03-26T17:16:41.647", "references": [{"source": "[email protected]", "url": "https://github.com/Stirling-Tools/Stirling-PDF/security/advisories/GHSA-xmhg-fv84-jgfc"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "[email protected]", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "2.7.3"}}], "enrichment": {"confidence": 82.0, "confidence_source": "matching", "scores": [{"score": 82.0, "source": "matching"}]}, "original": {"product": "Stirling-PDF", "source": "cna", "vendor": "Stirling-Tools"}, "product": "stirling_pdf", "vendor": "stirlingpdf"}], "analysis": {"en": {"generated_at": "2026-03-26T18:36:33.636050+00:00", "value": {"mitigation_remediation": ["Update Stirling-PDF to version 2.8.0 or later", "Verify that future emails are scanned or use a controlled export process"], "summary": {"action": "Patch Immediately", "impact": "JavaScript execution in user browsers via stored XSS"}, "threat_synthesis": {"affected_systems": "Stirling\u2011Tools Stirling\u2011PDF version 2.7.3 is affected. The issue is fixed in version 2.8.0; all later releases are considered safe until further notice.", "description_and_impact": "Stirling-PDF, a local web application for managing PDF files, contains a stored cross\u2011site scripting flaw. The /api/v1/convert/eml/pdf endpoint, when called with downloadHtml=true, returns unsanitized HTML from an email body set as text/html. An attacker who can send a crafted email to a user can insert malicious JavaScript that runs when the victim uses the \"Download HTML intermediate file\" feature, providing the attacker with the ability to execute arbitrary script in the victim\u2019s browser.", "risk_and_exploitability": "The CVSS score of 5.4 indicates moderate severity, and no EPSS data or KEV listing is available, suggesting the vulnerability is not widely exploited yet. The likely attack vector is through the web interface: an attacker delivers a malicious EML file to a user, tricking them into downloading the exported HTML, which then executes the injected script. The scope is confined to the user\u2019s browser session but could allow data exfiltration or session hijacking if the attacker can obtain sensitive information or manipulate the session context."}}}}, "created": "2026-03-27T08:33:39.331203+00:00", "updated": "2026-03-27T09:26:04.616030+00:00", "vendors": ["stirlingpdf", "stirlingpdf$PRODUCT$stirling_pdf"]}