
Bitwarden Vulnerability Exposes Users to Malicious JavaScript in PDFs
A recent investigation has revealed a cross-site scripting (XSS) vulnerability in Bitwarden (≤ v2.25.1) that allows an attacker to upload a specially crafted PDF and execute code in the browser of any user who opens it. This vulnerability exposes millions of password vaults. The company has not yet responded to this threat.