An issue was discovered in ViewerJS 0.5.8. A script from the component loads content via URL TAGs without properly sanitizing it. This leads to both open redirection and out-of-band resource loading.
Metrics
Affected Vendors & Products
References
History
Tue, 29 Oct 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Viewerjs
Viewerjs viewerjs |
|
Weaknesses | CWE-601 | |
CPEs | cpe:2.3:a:viewerjs:viewerjs:0.5.8:*:*:*:*:*:*:* | |
Vendors & Products |
Viewerjs
Viewerjs viewerjs |
|
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-05-01T00:00:00
Updated: 2024-10-29T18:02:26.845Z
Reserved: 2024-02-09T00:00:00
Link: CVE-2024-25676
Vulnrichment
Updated: 2024-08-01T23:52:05.651Z
NVD
Status : Awaiting Analysis
Published: 2024-05-01T20:15:12.733
Modified: 2024-10-29T18:35:03.590
Link: CVE-2024-25676
Redhat
No data.