CVE-2024-25676

Name of the Vulnerable Software and Affected Versions ViewerJS version 0.5.8

Description An issue was discovered in ViewerJS where a script from the component loads content via URL TAGs without properly sanitizing it, leading to both open redirection and out-of-band resource loading.

Recommendations For ViewerJS version 0.5.8, consider disabling the script that loads content via URL TAGs until a patch is available. Restrict access to the component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.