
CVE-2022-43984: Server Side XSS in Browsershot

Severity: High
Published: Fri Nov 25 2022 (11/25/2022, 00:00:00 UTC)
Source: CVE
Vendor/Project: n/a
Product: Browsershot

Description

Browsershot version 3.57.3 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the JS content imported from an external source passed to the Browsershot::html method does not contain URLs that use the file:// protocol.

AI-Powered Analysis

Last updated: 06/22/2025, 10:50:45 UTC

Technical Analysis

CVE-2022-43984 is a high-severity server-side cross-site scripting (XSS) vulnerability in Browsershot version 3.57.3, a PHP package commonly used to convert HTML into images or PDFs by driving a headless browser. It arises because Browsershot's html method does not properly validate JavaScript content imported from external sources, and in particular does not restrict URLs that use the file:// protocol. An attacker can therefore craft HTML/JS content that, when Browsershot renders it, reads arbitrary local files on the server hosting the application. The root cause is improper input validation and insufficient sanitization of external content before rendering.

Exploitation requires the attacker to supply crafted HTML content containing file:// URLs, which Browsershot then processes without restriction; the result is unauthorized disclosure of sensitive local files, an impact on confidentiality. The CVSS 3.1 base score is 8.2 (high): attack vector network (remote), low attack complexity, no privileges required, but user interaction needed (the attacker must supply malicious input). The scope is changed, indicating that the vulnerability affects components beyond the initially vulnerable one and can impact the wider system. The integrity impact is low, since the flaw primarily leaks information rather than modifying data, and availability is not affected. No known public exploits have been reported yet.

The vulnerability is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation), reflecting its nature as an XSS flaw that occurs server-side during HTML processing. Because Browsershot is often integrated into web applications for rendering, the flaw can be leveraged to exfiltrate sensitive server files such as configuration files, credentials, or other private data, posing a significant threat to confidentiality.

Potential Impact

For European organizations, the impact of CVE-2022-43984 can be substantial, especially for those relying on Browsershot for document generation or HTML rendering services. Successful exploitation could lead to unauthorized disclosure of sensitive internal files, including credentials, configuration files, or proprietary information, potentially enabling further attacks such as privilege escalation or lateral movement. This can result in data breaches, regulatory non-compliance (e.g., GDPR violations), reputational damage, and financial losses. Organizations in sectors with high data sensitivity—such as finance, healthcare, government, and critical infrastructure—are particularly at risk. Since the vulnerability requires supplying malicious HTML content, web-facing applications that accept user-generated content or external HTML inputs and use Browsershot for rendering are the primary attack surface. The confidentiality breach could expose personal data of EU citizens, triggering stringent legal consequences under European data protection laws. Additionally, the changed scope of the vulnerability suggests that the impact could extend beyond the immediate Browsershot component, potentially affecting other integrated systems or services within the application stack.

Mitigation Recommendations

1. Immediate upgrade or patching: Although no official patch link is provided, organizations should check for updated Browsershot versions beyond 3.57.3 that address this vulnerability, or apply vendor-provided patches if available.
2. Input validation and sanitization: Implement strict validation and sanitization of all HTML and JavaScript content passed to Browsershot, explicitly disallowing file:// protocol URLs or any local resource references.
3. Restrict external content sources: Limit or block the ability to import external JS or HTML content from untrusted sources before processing with Browsershot.
4. Use sandboxing: Run Browsershot processes in isolated environments with minimal privileges and restricted filesystem access to limit potential data exposure.
5. Monitor and log usage: Implement detailed logging of Browsershot invocations and inputs to detect anomalous or suspicious rendering requests that may indicate exploitation attempts.
6. Employ Web Application Firewalls (WAFs): Configure WAF rules to detect and block payloads containing file:// URLs or suspicious HTML/JS patterns targeting this vulnerability.
7. Conduct security reviews: Audit all application components that integrate Browsershot to ensure no untrusted content is processed without proper validation.
8. Educate developers: Raise awareness among development teams about the risks of processing untrusted HTML/JS content and secure coding practices related to server-side rendering.
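As an added illustration of items 2 and 3 above (example code, not part of Browsershot or of this advisory), a PHP guard that refuses untrusted markup before it reaches Browsershot::html(). The class name, method names and the host allowlist are assumptions; it rejects any file: scheme reference and admits external scripts and stylesheets only from allowlisted HTTPS hosts.

```php
// Added example, not Browsershot's own code: a guard to run before Browsershot::html().
// Hypothetical class; it refuses markup that references the file: scheme anywhere and
// only admits external <script>/<link> resources from an allowlist of HTTPS hosts.
final class UntrustedHtmlGuard
{
    private const URL_ATTRS = ['src', 'href', 'action', 'data', 'poster', 'srcset', 'xlink:href'];
    /** @param string[] $allowedHosts hosts that external scripts/stylesheets may come from */
    public function __construct(private array $allowedHosts) {}
    /** @return string[] violations found; an empty list means the HTML may be rendered */
    public function violations(string $html): array
    {
        if (trim($html) === '') { return []; }       // loadHTML() rejects an empty string
        libxml_use_internal_errors(true);             // tolerate sloppy real-world markup
        $doc = new DOMDocument();
        $doc->loadHTML($html, LIBXML_NONET);          // never fetch anything while parsing
        $xpath = new DOMXPath($doc);
        $problems = [];
        foreach ($xpath->query('//@*') as $attr) {    // every attribute, entity-decoded
            $name = strtolower($attr->nodeName);
            $value = $attr->nodeValue;
            if ((in_array($name, self::URL_ATTRS, true) && self::isFileUrl($value)) || self::mentionsFileScheme($value)) {
                $problems[] = "file: reference in <{$attr->ownerElement->nodeName} {$name}>";
            }
        }
        // Inline CSS/JS can reach file: too (url(), @import, fetch(), import(), XHR).
        foreach ($xpath->query('//style|//script[not(@src)]') as $el) {
            if (self::mentionsFileScheme($el->textContent)) {
                $problems[] = "file: reference inside <{$el->nodeName}>";
            }
        }
        // External code only from allowlisted HTTPS hosts; relative URLs are refused too,
        // since a file-based render would resolve them against the local filesystem.
        foreach ($xpath->query('//script/@src|//link/@href') as $attr) {
            $parts = parse_url(trim($attr->nodeValue)) ?: [];
            if (($parts['scheme'] ?? '') !== 'https' || !in_array(strtolower($parts['host'] ?? ''), $this->allowedHosts, true)) {
                $problems[] = "external resource not allowlisted: {$attr->nodeValue}";
            }
        }
        return $problems;
    }
    // Browsers ignore scheme case and strip tabs/newlines, so normalise before testing
    // ("FILE:", " file:", "fi\nle:" all count as the file scheme).
    private static function isFileUrl(string $url): bool
    {
        return str_starts_with(strtolower(preg_replace('/[\x00-\x20]+/', '', $url)), 'file:');
    }
    // Coarse textual test for CSS/JS bodies and attribute values; for a refuse-to-render
    // guard a false positive only costs one rejected document.
    private static function mentionsFileScheme(string $text): bool
    {
        return (bool) preg_match('/\bfile\s*:/i', $text);
    }
}
```

Combine this with item 4: the guard sees only the submitted markup, so whatever an allowlisted external script later loads is outside its view, and filesystem isolation of the headless browser is what bounds that residual exposure.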


Technical Details

Data Version: 5.1
Assigner Short Name: Fluid Attacks
Date Reserved: 2022-10-28T00:00:00.000Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d983cc4522896dcbeee20

Added to database: 5/21/2025, 9:09:16 AM

Last enriched: 6/22/2025, 10:50:45 AM

Last updated: 7/28/2025, 8:56:14 PM

