GCVE - cpe:2.3:a:n/a:browsershot:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:browsershot:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	N/A (`22f567d3-1203-528c-8f0e-3eb9c2f6ca78`)
Product	Browsershot (`7c512740-dc07-5f86-8a3a-43356d9070bf`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2022-43984`	vulnerable	2026-06-08 05:49:35.209700	Browsershot 3.57.3 - Server Side XSS to LFR via HTML Browsershot version 3.57.3 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the JS content imported from an external source passed to the Browsershot::html method does not contain URLs that use the file:// protocol. Published: 2022-11-25T00:00:00.000Z Updated: 2025-12-03T20:10:14.883Z Open on db.gcve.eu Reference links https://fluidattacks.com/advisories/malone/ https://github.com/spatie/browsershot/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-43983`	vulnerable	2026-06-08 05:49:35.208595	Browsershot 3.57.2 - Server Side XSS to LFR via HTML Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the HTML content passed to the Browsershot::html method does not contain URL's that use the file:// protocol. Published: 2022-11-25T00:00:00.000Z Updated: 2025-12-03T20:05:20.438Z Open on db.gcve.eu Reference links https://github.com/spatie/browsershot/ https://fluidattacks.com/advisories/khalid/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-41706`	vulnerable	2026-06-08 05:48:30.827251	Browsershot 3.57.2 - Server Side XSS to LFR via URL Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the URL protocol passed to the Browsershot::url method. Published: 2022-11-25T00:00:00.000Z Updated: 2025-12-03T20:06:46.028Z Open on db.gcve.eu Reference links https://github.com/spatie/browsershot/ https://fluidattacks.com/advisories/eminem/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.