BentoPDF Cross-Site Scripting Vulnerability
Vulnerability
A cross-site scripting vulnerability has been identified in BentoPDF, a client-side PDF toolkit, affecting versions through 2.8.2. This vulnerability allows an attacker to execute arbitrary JavaScript in certain situations within the Markdown to PDF Tool.
Impact
Exploitation of this vulnerability allows for stored cross-site scripting, where injected JavaScript is executed in the context of the user.
Remediation
Users are advised to upgrade to BentoPDF version 2.8.3 or later.
Added: May 7, 2026, 7:56 PM
Updated: May 7, 2026, 7:56 PM
Vulnerability Rating
Custom Algorithm
spread
0.0impact
1.7exploitability
6.4remediation
0.0relevance
7.7threat
0.0urgency
2.9incentive
0.0Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.