pdf-xss-checker is a Node.js tool designed to scan PDF files for potential Cross-Site Scripting (XSS) vulnerabilities. It analyzes embedded scripts, forms and suspicious content to help identify security risks in PDFs before they're distributed or displayed in browsers.
# PDF XSS Checker
A Node.js package to verify if PDFs contain XSS (Cross-Site Scripting) vulnerabilities.
## Installation
```bash
npm install pdf-xss-checker
```
## Features
- **PDF Content Extraction**: Extracts and analyzes text content from PDF files
- **XSS Detection**: Identifies potential XSS vulnerabilities using pattern matching
- **JavaScript Injection Detection**: Detects JavaScript code that could lead to security issues
- **Form Injection Detection**: Identifies form-based attack vectors
- **Simple API**: Easy-to-use API for both file and buffer inputs
- **Detailed Reporting**: Comprehensive vulnerability reports with location information
- **Command-line Interface**: Scan PDFs directly from the terminal
- **Configurable Security Rules**: Adjust detection thresholds based on your security needs
## Usage
### API Usage
```javascript
const pdfXssChecker = require('pdf-xss-checker');

// Scan a PDF file
async function checkPdf() {
  try {
    const results = await pdfXssChecker.scanPdf('./document.pdf');
    if (results.success) {
      console.log(`Safe to use: ${results.safeToUse ? 'Yes' : 'No'}`);
      console.log(`Found ${results.vulnerabilities.length} potential vulnerabilities`);
      // Print vulnerabilities
      results.vulnerabilities.forEach(vuln => {
        console.log(`- ${vuln.name}: ${vuln.description} (${vuln.severity})`);
      });
    } else {
      console.error(`Error: ${results.error}`);
    }
  } catch (error) {
    console.error('Error scanning PDF:', error);
  }
}

// Scan a PDF buffer
async function checkBuffer(buffer) {
  try {
    const results = await pdfXssChecker.scanBuffer(buffer);
    console.log(`PDF is safe to use: ${results.safeToUse}`);
    return results;
  } catch (error) {
    console.error('Error scanning buffer:', error);
  }
}
```
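To make the pattern-matching and severity-threshold behaviour described above concrete, here is a stand-alone example (added here, not pdf-xss-checker's own code) that scans a PDF buffer for script-bearing objects and returns a result shaped like the one shown above. The rule names, the `offset` field and the sample PDF are constructed for illustration; the hex-escape normalisation shows a check a practitioner would want, since PDF names may be written with `#xx` escapes that a naive substring match misses.

```javascript
// Added example: minimal pattern-matching scan of a PDF buffer for script
// and action constructs. Rule names/severities here are illustrative.
const RULES = [
  { name: 'javascript-action', pattern: /\/(JavaScript|JS)\b/g, severity: 'high',
    description: 'JavaScript action or script stream present' },
  { name: 'open-action', pattern: /\/OpenAction\b/g, severity: 'medium',
    description: 'Action runs automatically when the document is opened' },
  { name: 'additional-actions', pattern: /\/AA\b/g, severity: 'medium',
    description: 'Additional-actions dictionary (event-triggered actions)' },
  { name: 'acroform', pattern: /\/AcroForm\b/g, severity: 'low',
    description: 'Interactive form present (possible form-based vector)' },
];
const SEVERITY_RANK = { low: 1, medium: 2, high: 3, critical: 4 };

// PDF names may carry #xx hex escapes (e.g. /J#61vaScript). Resolve them so
// a scanner is not bypassed by an escaped spelling of a well-known name.
function decodePdfNames(text) {
  return text.replace(/#([0-9A-Fa-f]{2})/g, (_, hex) => String.fromCharCode(parseInt(hex, 16)));
}

// Returns { success, safeToUse, vulnerabilities } like the README's API;
// safeToUse is false if any finding is at or above the severity threshold.
function scanPdfBuffer(buffer, { threshold = 'medium' } = {}) {
  const text = decodePdfNames(buffer.toString('latin1')); // latin1: 1 byte = 1 char
  const vulnerabilities = [];
  for (const rule of RULES) {
    for (const m of text.matchAll(rule.pattern)) {
      vulnerabilities.push({ name: rule.name, description: rule.description,
        severity: rule.severity, offset: m.index });
    }
  }
  const minRank = SEVERITY_RANK[threshold];
  const safeToUse = !vulnerabilities.some(v => SEVERITY_RANK[v.severity] >= minRank);
  return { success: true, safeToUse, vulnerabilities };
}

// Constructed sample: a tiny PDF skeleton whose OpenAction points at a
// JavaScript action, with the /JS key written as /#4A#53 to exercise decoding.
const SAMPLE_PDF = Buffer.from(
  '%PDF-1.7\n' +
  '1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n' +
  '3 0 obj << /S /JavaScript /#4A#53 (app.alert(1)) >> endobj\n' +
  'trailer << /Root 1 0 R >>\n%%EOF\n', 'latin1');

const report = scanPdfBuffer(SAMPLE_PDF);
console.log(`Safe to use: ${report.safeToUse ? 'Yes' : 'No'}`);
report.vulnerabilities.forEach(v => console.log(`- ${v.name} @${v.offset}: ${v.description} (${v.severity})`));
```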
### Advanced Options
```javascript
const options = {
threshold: 'medium', // Severity threshold: 'low', 'medium', 'high', 'critical'
detectors: ['xss', 'js', 'f