CVE-2024-32489

MEDIUM

TCPDF < 6.7.4 - Cross-Site Scripting via HTML Syntax Mishandling

Title source: llm

TCPDF before 6.7.4 mishandles calls that use HTML syntax.

Core 4

Core References

Mailing List

Patch

Patch

Product

CVSS v3 6.1

EPSS 0.0058

EPSS Percentile 43.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

CWE

CWE-80

Status published

Products (2)

tcpdf_project/tcpdf < 6.7.4

tecnickcom/tcpdf 0 - 6.7.4Packagist

Published Apr 15, 2024

Tracked Since Feb 18, 2026