VDB
CVE-2024-45389
CVE-2024-45389
PUBLISHED
CVSS 6.400000095367432 MEDIUM
DOM clobbering could escalate to Cross-site Scripting (XSS)
EPSS 1.21% · 79.3th percentile
Risk Scores
CVSS v3.1
6.400000095367432
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
EPSS Score
1.21%
79.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| pagefind | pagefind | 1.1.1, 1.1.1, 1.1.1 |
| crates.io | pagefind | 0 |
| pagefind | default-ui | 0 |
| cloudcannon | pagefind | 0 |
| npm | pagefind | 0 |
| pagefind | modular-ui | 0 |
| CloudCannon | pagefind | < 1.1.1 |
Timeline
- Jan 21, 1970 Security Advisory
- Sep 3, 2024 CVE Published
- Sep 3, 2024 CVE Updated
- Sep 4, 2024 EPSS Score
- Sep 24, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Oct 14, 2024 EPSS Score
- Nov 3, 2024 EPSS Score
- Nov 23, 2024 EPSS Score
- Dec 14, 2024 EPSS Score
- Jan 3, 2025 EPSS Score
- Jan 23, 2025 EPSS Score
References
- https://github.com/CloudCannon/pagefind/security/advisories/GHSA-gprj-6m2f-j9hx url
- https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986 url
- https://github.com/CloudCannon/pagefind/commit/14ec96864eabaf1d7d809d5da0186a8856261eeb url
- https://nvd.nist.gov/vuln/detail/CVE-2024-45389 advisory
- https://github.com/CloudCannon/pagefind package