PT-2024-29651 · I, Librarian

Author: Alessio-Romano · Published: 2024-07-30 · Updated: 2024-07-31 · CVE-2024-41943

CVSS v3.1: 4.6 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: I, Librarian, versions prior to 5.11.1

Description: The issue arises from a lack of validation or sanitization of PDF notes displayed on the Item Summary page. An attacker can exploit this by storing a malicious payload in the PDF notes, which is then executed in the browser whenever the page is loaded.

Recommendations: For versions prior to 5.11.1, update to version 5.11.1 to resolve the issue. As a temporary workaround, consider restricting access to the Item Summary page or disabling the display of PDF notes until the update can be applied.
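As an added illustration of the bug class described above (not I, Librarian's own code, whose templates are not shown on this page), the following Python models how a note is rendered on an Item Summary page: the verbatim rendering that lets stored markup run, the output-escaped form that closes it, the "hide notes" workaround, and an audit pass over stored notes; all function names, field names and the sample notes are assumptions constructed for the example.

```python
import html
import re

# Constructed sample notes: one harmless, one carrying markup of the kind
# a stored-XSS payload would contain. A safe renderer must show the second
# one as literal text instead of handing it to the browser as HTML.
SAMPLE_NOTES = {
    "plain": "Read section 3 again before the meeting.",
    "markup": 'Nice paper <script>alert(1)</script> <b>bold</b>',
}


def render_note_vulnerable(note: str) -> str:
    """Pre-5.11.1 behaviour as described in the advisory: the stored note is
    inserted into the page verbatim, so any tags in it become part of the
    document and are interpreted by the browser."""
    return f'<div class="pdf-note">{note}</div>'


def render_note_safe(note: str, show_notes: bool = True) -> str:
    """Hardened rendering: escape on output. quote=True also encodes quotes,
    so the result is safe inside attribute values as well as element text.
    show_notes models the advisory's interim workaround of disabling note
    display until the fix is deployed."""
    if not show_notes:
        return '<div class="pdf-note">[notes hidden]</div>'
    return f'<div class="pdf-note">{html.escape(note, quote=True)}</div>'


# Matches an HTML-style tag: "<" or "</" immediately followed by a tag name.
TAG_RE = re.compile(r"</?[a-zA-Z][^>]*>")


def contains_markup(note: str) -> bool:
    """Defender-side check: flag stored notes that contain HTML tags so they
    can be reviewed after the fix is applied (the fix protects rendering;
    it does not clean up what was stored before)."""
    return TAG_RE.search(note) is not None


def audit_notes(notes: dict) -> list:
    """Return the keys of all notes that contain markup."""
    return [key for key, text in notes.items() if contains_markup(text)]


if __name__ == "__main__":
    for key, text in SAMPLE_NOTES.items():
        print(key, "->", render_note_safe(text))
    print("notes needing review:", audit_notes(SAMPLE_NOTES))
```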

Exploit · Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2024-41943, GHSA-H5HX-FM7F-2XMX

Affected Products: I, Librarian