CVE-2024-45389

Summary

CVE-2024-45389 identifies a vulnerability in the Pagefind static search library, affecting versions prior to 1.1.1. The flaw allows an attacker to manipulate the document.currentScript.src reference through benign HTML injection, potentially leading to privilege escalation if the attacker can inject HTML into a live website. This attack requires low privileges and does not necessitate user interaction, but has a high attack complexity and can impact availability. To remediate the issue, users should upgrade to Pagefind version 1.1.1 or later, which tightens the resolution process for loading sources. The vulnerability poses a medium severity risk with potential integrity and availability impacts, categorized under improper input neutralization leading to cross-site scripting (CWE-79).

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.