SecuriTricks - CVE-2024-9075

Description

A vulnerability was found in Stirling-Tools Stirling-PDF up to 0.28.3. It has been declared as problematic. This vulnerability affects unknown code of the component Markdown-to-PDF. The manipulation leads to cross site scripting. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 0.29.0 is able to address this issue. It is recommended to upgrade the affected component. The vendor explains that "this functionality was removed in 0.29.0 already" and "we plan to re-add at later date with issue resolved".

Product(s) Impacted

Vendor	Product	Versions
Stirlingpdf	Stirling Pdf	*

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	stirlingpdf	stirling_pdf	/	/	/	/	/	/	/	/

References

https://drive.google.com/file/d/1J4TnzgzKOEvMck3kpaFuR6zfSVt7YgKu/view?usp=sharing

https://vuldb.com/?ctiid.278242

https://vuldb.com/?id.278242

https://vuldb.com/?submit.406335

CVSS Score

5.4 / 10

CVSS Data - 3.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

View Vector String

Timeline

Published: Sept. 21, 2024, 11:15 p.m.
Last Modified: Sept. 30, 2024, 3:27 p.m.

Status : Analyzed

CVE has had analysis completed and all data associations made.

More info

Source

cna@vuldb.com

CVE-2024-9075