XSS in Stirling-tools Stirling-pdf
CVE-2024-52286
Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In affected versions the Merge functionality takes untrusted user input (file name) and uses it directly in the creation of HTML p…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.002 (45.3rd percentile)
Affected products
- Stirling-tools Stirling-pdf — versions < 0.32.0
Frequently asked questions
- What is CVE-2024-52286?
- CVE-2024-52286 is a vulnerability in Stirling-tools Stirling-pdf, classified under Improper Input Validation. Published 2024-11-11.
- Is CVE-2024-52286 known to be exploited?
- 1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.