CVE-2024-9075 LOW

CVE-2024-9075: Stirling-Tools Stirling-PDF Markdown-to-PDF cross site scripting

Vendor Stirling-Tools
Product Stirling-PDF
Weakness CWE-79 · XSS
Published September 21, 2024
Last update September 23, 2024
View on NVD All CVEs

CVSS base score

2.3/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability was found in Stirling-Tools Stirling-PDF up to 0.28.3. It has been declared as problematic. This vulnerability affects unknown code of the component Markdown-to-PDF. The manipulation leads to cross site scripting. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 0.29.0 is able to address this issue. It is recommended to upgrade the affected component. The vendor explains that "this functionality was removed in 0.29.0 already" and "we plan to re-add at later date with issue resolved".

Key dates

02Disclosure timeline

September 21, 2024 CVE published
September 23, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-68977 WordPress DesignThemes Portfolio Addon plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability CVE-2019-15268 Cisco Firepower Management Center Multiple Cross-Site Scripting Vulnerabilities CVE-2024-49633 WordPress DirectoryPress plugin <= 3.6.19 - Cross Site Scripting (XSS) vulnerability CVE-2024-27961 WordPress AntiSpam for Contact Form 7 plugin <= 0.6.0 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2024-53749 WordPress Post Carousel Slider for Elementor plugin <= 1.5.0 - Cross Site Scripting (XSS) vulnerability