CVE-2024-50344 - I, Librarian Cross-Site Scripting (XSS)

3 weeks ago 11
ARTICLE AD BOX
CVE ID : CVE-2024-50344
Published : Oct. 30, 2024, 4:15 p.m. | 24 minutes ago
Description : I, Librarian is an open-source version of a PDF managing SaaS. Supplemental Files are allowed to be viewed in the browser, only if they have a white-listed MIME type. Unfortunately, this logic is broken, thus allowing unsafe files containing Javascript to be executed with the application context. An attacker can exploit this vulnerability by uploading a supplementary file that contains a malicious code or script. This code will then be executed when the file is loaded in the browser. The vulnerability was fixed in version 5.11.2.
Severity: 4.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Read Entire Article