CVE-2024-9283 – relaxedjs

Package

Manager: npm
Name: relaxedjs
Vulnerable Version: >=0 <=0.2.5

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

EPSS: 0.00066 pctl0.20946

Details

ReLaXed Cross-site Scripting vulnerability A vulnerability classified as problematic has been found in RelaxedJS ReLaXed up to 0.2.2. Affected is an unknown function of the component Pug to PDF Converter. The manipulation leads to cross site scripting. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

Metadata

Created: 2024-09-27T15:30:35Z
Modified: 2024-10-08T18:56:10Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/09/GHSA-gj3p-j74v-3x57/GHSA-gj3p-j74v-3x57.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-gj3p-j74v-3x57
Finding: F008
Auto approve: 1