7 matches found
CVE-2024-45389
Pagefind, a fully static search library, initializes its dynamic JavaScript and WebAssembly files relative to the location of the first script the user loads. This information is gathered by looking up the value of document.currentScript.src. Prior to Pagefind version 1.1.1, it is possible to...
CVE-2024-45389
creationtimestamp| type| source ---|---|--- 2024-09-03 23:19:47+00:00| seen| https://t.me/cvedetector/4715 2026-06-19 12:46:35+00:00| exploited| https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/915563c6-c8fb-4ab5-a4e3-eb634a4928b0...
@astrojs/starlight (>=0.0.1 <=0.9.1), @jti/doctools (>=1.0.0 <=1.3.7) +4 more potentially affected by CVE-2024-45389 via pagefind (>=0.11.0 <=1.1.0)
pagefind NPM version =0.11.0, =0.0.1, =1.0.0, =0.0.1, =1.0.0, =0.8.0, =0.0.11, =0.0.14 Source cves: CVE-2024-45389 Source advisory: OSV:GHSA-GPRJ-6M2F-J9HX...
@astrojs/starlight (>=0.0.1 <=0.9.1), astro-pagefind (>=1.0.0 <=1.2.4) potentially affected by CVE-2024-45389 via @pagefind/default-ui (>=0.11.0 <=1.0.0-beta.2)
@pagefind/default-ui NPM version =0.11.0, =0.0.1, =1.0.0, =1.2.4 Source cves: CVE-2024-45389 Source advisory: OSV:GHSA-GPRJ-6M2F-J9HX...
CVE-2024-45389
Affected software : Pagefind (static search library). Vulnerability : DOM clobbering affecting how Pagefind resolves its dependencies by reading document.currentScript.src. Before version 1.1.1, an attacker could inject benign HTML to override the lookup, causing currentScript.src to point to an ...
CVE-2024-45389 Pagefind DOM clobbering could escalate to Cross-site Scripting (XSS)
Pagefind, a fully static search library, initializes its dynamic JavaScript and WebAssembly files relative to the location of the first script the user loads. This information is gathered by looking up the value of document.currentScript.src. Prior to Pagefind version 1.1.1, it is possible to...
CVE-2024-45389 Pagefind DOM clobbering could escalate to Cross-site Scripting (XSS)
Pagefind, a fully static search library, initializes its dynamic JavaScript and WebAssembly files relative to the location of the first script the user loads. This information is gathered by looking up the value of document.currentScript.src. Prior to Pagefind version 1.1.1, it is possible to...