
7 matches found

RedhatCVE
added 2025/05/23 10:32 a.m. | 5 views

CVE-2024-45389

Pagefind, a fully static search library, initializes its dynamic JavaScript and WebAssembly files relative to the location of the first script the user loads. This information is gathered by looking up the value of document.currentScript.src. Prior to Pagefind version 1.1.1, it is possible to...

CVSS 6.4 | AI score 5.9 | EPSS 0.00397
Exploits: 0
Circl
added 2024/09/03 11:19 p.m. | 6 views

CVE-2024-45389

creationtimestamp | type | source
---|---|---
2024-09-03 23:19:47+00:00 | seen | https://t.me/cvedetector/4715
2026-06-19 12:46:35+00:00 | exploited | https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/915563c6-c8fb-4ab5-a4e3-eb634a4928b0...

CVSS 6.4 | AI score 5.8 | EPSS 0.00397
Exploits: 0 | References: 2
vulnersOsv
added 2024/09/03 7:33 p.m. | 6 views

@astrojs/starlight (>=0.0.1 <=0.9.1), @jti/doctools (>=1.0.0 <=1.3.7) +4 more potentially affected by CVE-2024-45389 via pagefind (>=0.11.0 <=1.1.0)

pagefind NPM version =0.11.0, =0.0.1, =1.0.0, =0.0.1, =1.0.0, =0.8.0, =0.0.11, =0.0.14. Source CVEs: CVE-2024-45389. Source advisory: OSV:GHSA-GPRJ-6M2F-J9HX...

CVSS 6.4 | AI score 5.8 | EPSS 0.00397
Exploits: 0
vulnersOsv
added 2024/09/03 7:33 p.m. | 9 views

@astrojs/starlight (>=0.0.1 <=0.9.1), astro-pagefind (>=1.0.0 <=1.2.4) potentially affected by CVE-2024-45389 via @pagefind/default-ui (>=0.11.0 <=1.0.0-beta.2)

@pagefind/default-ui NPM version =0.11.0, =0.0.1, =1.0.0, =1.2.4. Source CVEs: CVE-2024-45389. Source advisory: OSV:GHSA-GPRJ-6M2F-J9HX...

CVSS 6.4 | AI score 5.8 | EPSS 0.00397
Exploits: 0
CVE
added 2024/09/03 7:30 p.m. | 59 views

CVE-2024-45389

Affected software: Pagefind (static search library). Vulnerability: DOM clobbering affecting how Pagefind resolves its dependencies by reading document.currentScript.src. Before version 1.1.1, an attacker could inject benign HTML to override the lookup, causing currentScript.src to point to an ...

CVSS 6.4 | AI score 5.7 | EPSS 0.00397
Exploits: 0 | References: 3 | Affected Software: 1
Vulnrichment
added 2024/09/03 7:30 p.m. | 13 views

CVE-2024-45389 Pagefind DOM clobbering could escalate to Cross-site Scripting (XSS)

Pagefind, a fully static search library, initializes its dynamic JavaScript and WebAssembly files relative to the location of the first script the user loads. This information is gathered by looking up the value of document.currentScript.src. Prior to Pagefind version 1.1.1, it is possible to...

CVSS 6.4 | AI score 6.3 | EPSS 0.00397
Exploits: 0 | References: 3
OSV
added 2024/09/03 7:30 p.m. | 31 views

CVE-2024-45389 Pagefind DOM clobbering could escalate to Cross-site Scripting (XSS)

Pagefind, a fully static search library, initializes its dynamic JavaScript and WebAssembly files relative to the location of the first script the user loads. This information is gathered by looking up the value of document.currentScript.src. Prior to Pagefind version 1.1.1, it is possible to...

CVSS 6.4 | AI score 6 | EPSS 0.00397
Exploits: 0 | References: 5