Nilesh

**Name of the Vulnerable Software and Affected Versions** RelaxedJS ReLaXed versions up to 0.2.2 **Description** A problematic issue has been found in the Pug to PDF Converter component, which can lead to cross-site scripting. The manipulation requires a local approach to execute an attack. The issue has been publicly disclosed. **Recommendations** For RelaxedJS ReLaXed versions up to 0.2.2, consider disabling the Pug to PDF Converter component until a patch is available to prevent potential cross-site scripting attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Stirling-Tools Stirling-PDF versions up to 0.28.3 **Description** A vulnerability was found in the Markdown-to-PDF component of Stirling-Tools Stirling-PDF, leading to cross-site scripting. The attack can be initiated remotely, with a rather high complexity and difficult exploitation. **Recommendations** For Stirling-Tools Stirling-PDF versions up to 0.28.3, upgrade to version 0.29.0 to address this issue. As a temporary workaround, consider disabling the Markdown-to-PDF functionality until the upgrade is applied.