2 matches found
CVE-2024-45389 Pagefind DOM clobbering could escalate to Cross-site Scripting (XSS)
Pagefind, a fully static search library, initializes its dynamic JavaScript and WebAssembly files relative to the location of the first script the user loads. This information is gathered by looking up the value of document.currentScript.src. Prior to Pagefind version 1.1.1, it is possible to...
Pagefind 安全漏洞
Pagefind is a fully static search library open-sourced by CloudCannon. A security vulnerability exists in Pagefind version 1.1.1 and prior versions, which stems from a lookup of the document.currentScript.src value that can be overridden by other HTML elements on the page, which could lead to an...