CVE-2022-39016: Pdftron: avoid possible account takeover with XSS
The Hubshare application appears to use a vulnerable version of PDFTron Webviewer UI for document viewing, collaboration and annotation
Risk level: Critical
Fix: Upgrade to version 188.8.131.52 or later.
The issue has been naturally fixed by upgrading the Pdftron Viewer library. No hubshare source code changes needed.
We thank Michael Newton <[email protected]> for responsible disclosure.
Date issued: 2022-08