PT-2024-39409 · Stirling Tools · Stirling-Pdf
Nilesh
·
Published
2024-09-21
·
Updated
2024-09-30
·
CVE-2024-9075
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Stirling-Tools Stirling-PDF versions up to 0.28.3
Description
A vulnerability was found in the Markdown-to-PDF component of Stirling-Tools Stirling-PDF, leading to cross-site scripting. The attack can be initiated remotely, with a rather high complexity and difficult exploitation.
Recommendations
For Stirling-Tools Stirling-PDF versions up to 0.28.3, upgrade to version 0.29.0 to address this issue. As a temporary workaround, consider disabling the Markdown-to-PDF functionality until the upgrade is applied.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Stirling-Pdf