14 matches found
EUVD-2024-2804
Malicious code in bioql PyPI...
CVE-2024-45389
Pagefind, a fully static search library, initializes its dynamic JavaScript and WebAssembly files relative to the location of the first script the user loads. This information is gathered by looking up the value of document.currentScript.src. Prior to Pagefind version 1.1.1, it is possible to...
DOM Clobbering
pagefind is vulnerable to DOM Clobbering. The vulnerability is caused by missing validation and sanitization, which makes it possible to clobber the lookup of document.currentScript.src. This will cause document.currentScript.src to resolve as an external domain, which will then be used by Pagefi...
CVE-2024-45389
Pagefind, a fully static search library, initializes its dynamic JavaScript and WebAssembly files relative to the location of the first script the user loads. This information is gathered by looking up the value of document.currentScript.src. Prior to Pagefind version 1.1.1, it is possible to...
@astrojs/starlight (>=0.0.1 <=0.9.1), @jti/doctools (>=1.0.0 <=1.3.7) +4 more potentially affected by CVE-2024-45389 via pagefind (>=0.11.0 <=1.1.0)
pagefind NPM version =0.11.0, =0.0.1, =1.0.0, =0.0.1, =1.0.0, =0.8.0, =0.0.11, =0.0.14 Source cves: CVE-2024-45389 Source advisory: OSV:GHSA-GPRJ-6M2F-J9HX...
DOM clobbering could escalate to Cross-site Scripting (XSS)
Pagefind initializes its dynamic JavaScript and WebAssembly files relative to the location of the first script you load. This information is gathered by looking up the value of document.currentScript.src. It is possible to "clobber" this lookup with otherwise benign HTML on the page, for example:...
@astrojs/starlight (>=0.0.1 <=0.9.1), astro-pagefind (>=1.0.0 <=1.2.4) potentially affected by CVE-2024-45389 via @pagefind/default-ui (>=0.11.0 <=1.0.0-beta.2)
@pagefind/default-ui NPM version =0.11.0, =0.0.1, =1.0.0, =1.2.4 Source cves: CVE-2024-45389 Source advisory: OSV:GHSA-GPRJ-6M2F-J9HX...
GHSA-GPRJ-6M2F-J9HX DOM clobbering could escalate to Cross-site Scripting (XSS)
Pagefind initializes its dynamic JavaScript and WebAssembly files relative to the location of the first script you load. This information is gathered by looking up the value of document.currentScript.src. It is possible to "clobber" this lookup with otherwise benign HTML on the page, for example:...
CVE-2024-45389 Pagefind DOM clobbering could escalate to Cross-site Scripting (XSS)
Pagefind, a fully static search library, initializes its dynamic JavaScript and WebAssembly files relative to the location of the first script the user loads. This information is gathered by looking up the value of document.currentScript.src. Prior to Pagefind version 1.1.1, it is possible to...
CVE-2024-45389
Affected software: Pagefind (static search library). Vulnerability: DOM clobbering affecting how Pagefind resolves its dependencies by reading document.currentScript.src. Before version 1.1.1, an attacker could inject benign HTML to override the lookup, causing currentScript.src to point to an ...
CVE-2024-45389 Pagefind DOM clobbering could escalate to Cross-site Scripting (XSS)
Pagefind, a fully static search library, initializes its dynamic JavaScript and WebAssembly files relative to the location of the first script the user loads. This information is gathered by looking up the value of document.currentScript.src. Prior to Pagefind version 1.1.1, it is possible to...
CVE-2024-45389 Pagefind DOM clobbering could escalate to Cross-site Scripting (XSS)
Pagefind, a fully static search library, initializes its dynamic JavaScript and WebAssembly files relative to the location of the first script the user loads. This information is gathered by looking up the value of document.currentScript.src. Prior to Pagefind version 1.1.1, it is possible to...
Pagefind security vulnerability
Pagefind is a fully static search library open-sourced by CloudCannon. A security vulnerability exists in Pagefind version 1.1.1 and prior versions, which stems from a lookup of the document.currentScript.src value that can be overridden by other HTML elements on the page, which could lead to an...
PT-2024-31592 · Pagefind · Pagefind
Name of the Vulnerable Software and Affected Versions: Pagefind versions prior to 1.1.1 Description: A DOM Clobbering vulnerability exists in Pagefind, allowing an attacker to inject malicious HTML and escalate privileges. This occurs when an attacker can add elements to a page, such as img tags...