{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34071", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-25T16:21:40.867Z", "datePublished": "2026-03-26T17:00:08.783Z", "dateUpdated": "2026-03-26T19:52:10.821Z"}, "containers": {"cna": {"title": "Stirling-PDF has Stored Cross Site Scripting (XSS) via EML-to-HTML Export", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/Stirling-Tools/Stirling-PDF/security/advisories/GHSA-xmhg-fv84-jgfc", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Stirling-Tools/Stirling-PDF/security/advisories/GHSA-xmhg-fv84-jgfc"}], "affected": [{"vendor": "Stirling-Tools", "product": "Stirling-PDF", "versions": [{"version": "= 2.7.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-26T17:00:08.783Z"}, "descriptions": [{"lang": "en", "value": "Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In version 2.7.3, the /api/v1/convert/eml/pdf endpoint with parameter downloadHtml=true returns unsanitized HTML from the email body with Content-Type: text/html. An attacker who sends a malicious email to a Stirling-PDF user can achieve JavaScript execution when that user exports the email using the \"Download HTML intermediate file\" feature. Version 2.8.0 fixes the issue."}], "source": {"advisory": "GHSA-xmhg-fv84-jgfc", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34071", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-26T19:48:44.012488Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T19:52:10.821Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34071", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-26T19:48:44.012488Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T19:50:38.617Z"}}], "cna": {"title": "Stirling-PDF has Stored Cross Site Scripting (XSS) via EML-to-HTML Export", "source": {"advisory": "GHSA-xmhg-fv84-jgfc", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "Stirling-Tools", "product": "Stirling-PDF", "versions": [{"status": "affected", "version": "= 2.7.3"}]}], "references": [{"url": "https://github.com/Stirling-Tools/Stirling-PDF/security/advisories/GHSA-xmhg-fv84-jgfc", "name": "https://github.com/Stirling-Tools/Stirling-PDF/security/advisories/GHSA-xmhg-fv84-jgfc", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In version 2.7.3, the /api/v1/convert/eml/pdf endpoint with parameter downloadHtml=true returns unsanitized HTML from the email body with Content-Type: text/html. An attacker who sends a malicious email to a Stirling-PDF user can achieve JavaScript execution when that user exports the email using the \"Download HTML intermediate file\" feature. Version 2.8.0 fixes the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-26T17:00:08.783Z"}}}, "cveMetadata": {"cveId": "CVE-2026-34071", "state": "PUBLISHED", "dateUpdated": "2026-03-26T19:52:10.821Z", "dateReserved": "2026-03-25T16:21:40.867Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-26T17:00:08.783Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:stirling:stirling_pdf:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "05C89DFE-4268-4098-ADC1-9678605892D9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In version 2.7.3, the /api/v1/convert/eml/pdf endpoint with parameter downloadHtml=true returns unsanitized HTML from the email body with Content-Type: text/html. An attacker who sends a malicious email to a Stirling-PDF user can achieve JavaScript execution when that user exports the email using the \"Download HTML intermediate file\" feature. Version 2.8.0 fixes the issue."}, {"lang": "es", "value": "Stirling-PDF es una aplicaci\u00f3n web alojada localmente que le permite realizar varias operaciones en archivos PDF. En la versi\u00f3n 2.7.3, el endpoint /API/v1/convert/eml/pdf con el par\u00e1metro downloadHtml=true devuelve HTML sin sanear del cuerpo del correo electr\u00f3nico con Content-Type: text/html. Un atacante que env\u00eda un correo electr\u00f3nico malicioso a un usuario de Stirling-PDF puede lograr la ejecuci\u00f3n de JavaScript cuando ese usuario exporta el correo electr\u00f3nico utilizando la funci\u00f3n 'Descargar archivo HTML intermedio'. La versi\u00f3n 2.8.0 corrige el problema."}], "id": "CVE-2026-34071", "lastModified": "2026-05-14T20:04:44.610", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-26T17:16:41.647", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/Stirling-Tools/Stirling-PDF/security/advisories/GHSA-xmhg-fv84-jgfc"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "2.7.3"}}], "enrichment": {"confidence": 82.0, "confidence_source": "matching", "scores": [{"score": 82.0, "source": "matching"}]}, "original": {"product": "Stirling-PDF", "source": "cna", "vendor": "Stirling-Tools"}, "product": "stirling_pdf", "vendor": "stirlingpdf"}], "analysis": {"en": {"generated_at": "2026-04-01T06:18:51.761196+00:00", "value": {"mitigation_remediation": ["Upgrade Stirling-PDF to version 2.8.0 or later.", "If an immediate upgrade is not possible, disable the Export HTML feature or block the downloadHtml parameter for email imports.", "Consider monitoring or filtering incoming emails for malicious script content before import."], "summary": {"action": "Patch Immediately", "impact": "Stored XSS enabling JavaScript execution within the browser when a user exports a malicious email"}, "threat_synthesis": {"affected_systems": "Stirling-Tools\u2019 Stirling-PDF version 2.7.3 is affected. The issue is fixed in version 2.8.0. No other products or versions are listed as affected.", "description_and_impact": "The vulnerability lies in the /api/v1/convert/eml/pdf endpoint when downloadHtml=true, as Stirling-PDF returns unsanitized HTML from an email body. An attacker who can send a crafted email to a user can have that user execute arbitrary scripts in their browser upon exporting the email to HTML.", "risk_and_exploitability": "The CVSS score of 5.4 indicates moderate risk, while an EPSS score below 1% suggests a low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. The attack likely requires an attacker to deliver a malicious email to a user who subsequently uses the Export HTML feature, so it is a location\u2013adversary combination that is primarily local to the user\u2019s environment. Known remediation is to upgrade to the fixed version, which removes the ability to export unsanitized HTML."}}}}, "created": "2026-03-27T08:33:39.331203+00:00", "updated": "2026-04-02T07:58:56.802043+00:00", "vendors": ["stirlingpdf", "stirlingpdf$PRODUCT$stirling_pdf"]}