
4 matches found

NVD
added 2024/10/30 4:15 p.m., 20 views

CVE-2024-50344

I, Librarian is an open-source version of a PDF managing SaaS. Supplemental Files are allowed to be viewed in the browser, only if they have a white-listed MIME type. Unfortunately, this logic is broken, thus allowing unsafe files containing Javascript to be executed with the application context...

CVSS 4.6 | EPSS 0.00338
Exploits: 0 | References: 2
OSV
added 2024/10/30 3:51 p.m., 10 views

CVE-2024-50344 I, Librarian has a Stored XSS vulnerability in Supplemental Files

I, Librarian is an open-source version of a PDF managing SaaS. Supplemental Files are allowed to be viewed in the browser, only if they have a white-listed MIME type. Unfortunately, this logic is broken, thus allowing unsafe files containing Javascript to be executed with the application context...

CVSS 4.6 | AI score 7 | EPSS 0.00338
Exploits: 0 | References: 4
Cvelist
added 2024/10/30 3:51 p.m., 17 views

CVE-2024-50344 I, Librarian has a Stored XSS vulnerability in Supplemental Files

I, Librarian is an open-source version of a PDF managing SaaS. Supplemental Files are allowed to be viewed in the browser, only if they have a white-listed MIME type. Unfortunately, this logic is broken, thus allowing unsafe files containing Javascript to be executed with the application context...

CVSS 4.6 | EPSS 0.00338
Exploits: 0 | References: 2
CVE
added 2024/10/30 3:51 p.m., 52 views

CVE-2024-50344

I, Librarian is affected by a vulnerability in its handling of Supplemental Files. Versions prior to 5.11.2 allow unsafe files containing JavaScript to execute within the application context due to broken MIME-type whitelisting. The issue can be triggered by uploading a malicious file and has bee...

CVSS 4.6 | AI score 4.7 | EPSS 0.00338
Exploits: 0 | References: 2