CVE-2024-9283: ReLaXed Cross-site Scripting vulnerability

September 27, 2024 (updated October 8, 2024)

A vulnerability classified as problematic has been found in RelaxedJS ReLaXed up to 0.2.2. Affected is an unknown function of the component Pug to PDF Converter. The manipulation leads to cross site scripting. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

References

drive.google.com/file/d/1Ll1dRwQds8987S-l5o2iJu4MQRG-p4-A/view?usp=sharing
github.com/RelaxedJS/ReLaXed
github.com/advisories/GHSA-gj3p-j74v-3x57
nvd.nist.gov/vuln/detail/CVE-2024-9283
vuldb.com/?ctiid.278676
vuldb.com/?id.278676
vuldb.com/?submit.411185

Code Behaviors & Features

Detect and mitigate CVE-2024-9283 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →