CVE-2024-9075

A vulnerability was found in Stirling-Tools Stirling-PDF up to 0.28.3. It has been declared as problematic. This vulnerability affects unknown code of the component Markdown-to-PDF. The manipulation leads to cross site scripting. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 0.29.0 is able to address this issue. It is recommended to upgrade the affected component. The vendor explains that "this functionality was removed in 0.29.0 already" and "we plan to re-add at later date with issue resolved".
Configurations

Configuration 1 (hide)

cpe:2.3:a:stirlingpdf:stirling_pdf:*:*:*:*:*:*:*:*

History

30 Sep 2024, 15:27

Type Values Removed Values Added
CVSS v2 : 2.1
v3 : 2.6
v2 : 2.1
v3 : 5.4
First Time Stirlingpdf
Stirlingpdf stirling Pdf
CPE cpe:2.3:a:stirlingpdf:stirling_pdf:*:*:*:*:*:*:*:*
References () https://drive.google.com/file/d/1J4TnzgzKOEvMck3kpaFuR6zfSVt7YgKu/view?usp=sharing - () https://drive.google.com/file/d/1J4TnzgzKOEvMck3kpaFuR6zfSVt7YgKu/view?usp=sharing - Exploit
References () https://vuldb.com/?ctiid.278242 - () https://vuldb.com/?ctiid.278242 - Permissions Required
References () https://vuldb.com/?id.278242 - () https://vuldb.com/?id.278242 - Third Party Advisory
References () https://vuldb.com/?submit.406335 - () https://vuldb.com/?submit.406335 - Third Party Advisory

26 Sep 2024, 13:32

Type Values Removed Values Added
Summary
  • (es) Se ha detectado una vulnerabilidad en Stirling-Tools Stirling-PDF hasta la versión 0.28.3. Se ha declarado como problemática. Esta vulnerabilidad afecta al código desconocido del componente Markdown-to-PDF. La manipulación conduce a cross site scripting. El ataque puede iniciarse de forma remota. La complejidad de un ataque es bastante alta. La explotación parece ser difícil. La actualización a la versión 0.29.0 puede solucionar este problema. Se recomienda actualizar el componente afectado. El proveedor explica que "esta funcionalidad ya se eliminó en la versión 0.29.0" y "planeamos volver a agregarla más adelante cuando el problema esté resuelto".

22 Sep 2024, 04:15

Type Values Removed Values Added
Summary (en) A vulnerability was found in Stirling-Tools Stirling-PDF up to 0.28.3. It has been declared as problematic. This vulnerability affects unknown code of the component Markdown-to-PDF. The manipulation leads to cross site scripting. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way. (en) A vulnerability was found in Stirling-Tools Stirling-PDF up to 0.28.3. It has been declared as problematic. This vulnerability affects unknown code of the component Markdown-to-PDF. The manipulation leads to cross site scripting. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 0.29.0 is able to address this issue. It is recommended to upgrade the affected component. The vendor explains that "this functionality was removed in 0.29.0 already" and "we plan to re-add at later date with issue resolved".

21 Sep 2024, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-21 23:15

Updated : 2024-09-30 15:27


NVD link : CVE-2024-9075

Mitre link : CVE-2024-9075

CVE.ORG link : CVE-2024-9075


JSON object : View

Products Affected

stirlingpdf

  • stirling_pdf
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')