How severe is CVE-2022-30351?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2022-30351?

This is classified as CWE-116, which is a common weakness in software security.

CVE-2022-30351 - HIGH Severity | CVSS 7.5

Vulnerability Description

PDFZorro PDFZorro Online r20220428 using TCPDF 6.2.5, despite having workflows claiming to correctly remove redacted information from a supplied PDF file, does not properly sanitize this information in all cases, causing redacted information, including images and text embedded in the PDF file, to be leaked unintentionally. In cases where PDF text objects are present it is possible to copy-paste redacted information into the system clipboard. Once a document is "locked" and marked for redaction once, all redactions performed after this feature is triggered are vulnerable.

Related Vulnerabilities

CVE-2016-3063

HIGH

CVSS:7.5(High)

Multiple functions in NetApp OnCommand System Manager before 8.3.2 do not properly escape special characters, which allows remote authenticated users to execute arbitrary API calls via unspecified vec...

CWE-1162016

CVE-2017-12064

HIGH

CVSS:7.5(High)

The csv_log_html function in library/edihistory/edih_csv_inc.php in OpenEMR 5.0.0 and prior allows attackers to bypass intended access restrictions via a crafted name.

CWE-1162017

CVE-2018-16386

HIGH

CVSS:7.5(High)

An issue was discovered in SWIFT Alliance Web Platform 7.1.23. A log injection (and an arbitrary log filename) can be achieved via the PATH_INFO to swp/login/EJBRemoteService/, related to com.swift.ej...

CWE-1162018

CVE-2018-18838

HIGH

CVSS:7.5(High)

An issue was discovered in Netdata 1.10.0. Log Injection (or Log Forgery) exists via a %0a sequence in the url parameter to api/v1/registry.

CWE-1162018

CVE-2019-4326

HIGH

CVSS:7.5(High)

"HCL AppScan Enterprise security rules update administration section of the web application console is missing HTTP Strict-Transport-Security Header."

CWE-1162019

CVE-2020-13625

HIGH

CVSS:7.5(High)

PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or an...

CWE-1162020