Kavita is a cross-platform reading server. Opening an ebook with malicious scripts inside leads to code execution inside the browsing context. Kavita doesn't sanitize or sandbox the contents of epubs, allowing scripts inside ebooks to execute. This vulnerability was patched in version 0.8.1.
References
Configurations
No configuration.
History
21 Nov 2024, 09:27
Type | Values Removed | Values Added |
---|---|---|
References | | https://github.com/Kareadita/Kavita/security/advisories/GHSA-r4qc-3w52-2v84 |
01 Jul 2024, 12:37
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
28 Jun 2024, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-28 21:15
Updated : 2024-11-21 09:27
NVD link : CVE-2024-39307
Mitre link : CVE-2024-39307
CVE.ORG link : CVE-2024-39307
Products Affected
No product.
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')