CVE-2024-41943

4.6 MEDIUM

Published: July 30, 2024 Modified: April 15, 2026

Description

I, Librarian is an open-source version of a PDF managing SaaS. PDF notes are displayed on the Item Summary page without any form of validation or sanitation. An attacker can exploit this vulnerability by inserting a payload in the PDF notes that contains malicious code or script. This code will then be executed when the page is loaded in the browser. The vulnerability was fixed in version 5.11.1.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://github.com/mkucej/i-librarian-free/commit/b4570103d21fc4fdd2483689aafc6028d9f6a76d

Source: security-advisories@github.com

https://github.com/mkucej/i-librarian-free/security/advisories/GHSA-h5hx-fm7f-2xmx

Source: security-advisories@github.com

https://github.com/mkucej/i-librarian-free/commit/b4570103d21fc4fdd2483689aafc6028d9f6a76d

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/mkucej/i-librarian-free/security/advisories/GHSA-h5hx-fm7f-2xmx

Source: af854a3a-2127-422b-91ae-364da2661108

4 reference(s) from NVD

Quick Stats

CVSS v3 Score

4.6 / 10.0

EPSS (Exploit Probability)

0.4%

61th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-79

Related CVEs

CVE-2026-40962 4.9

CVE-2026-40505 3.3

CVE-2026-40504 9.8

CVE-2026-3299 6.4

CVE-2026-40960 8.1