CVE-2024-7008

Unsanitized user-input in Calibre <= 7.15.0 allow attackers to perform reflected cross-site scripting.
Configurations

Configuration 1 (hide)

cpe:2.3:a:calibre-ebook:calibre:*:*:*:*:*:*:*:*

History

19 Aug 2024, 17:19

Type Values Removed Values Added
CPE cpe:2.3:a:calibre-ebook:calibre:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : 5.4
v2 : unknown
v3 : 6.1
First Time Calibre-ebook calibre
Calibre-ebook
References () https://github.com/kovidgoyal/calibre/commit/863abac24e7bc3e5ca0b3307362ff1953ba53fe0 - () https://github.com/kovidgoyal/calibre/commit/863abac24e7bc3e5ca0b3307362ff1953ba53fe0 - Patch
References () https://starlabs.sg/advisories/24/24-7008/ - () https://starlabs.sg/advisories/24/24-7008/ - Exploit, Third Party Advisory

06 Aug 2024, 16:30

Type Values Removed Values Added
Summary
  • (es) La entrada de usuario no sanitizada en Calibre &lt;= 7.15.0 permite a los atacantes cross-site scripting reflejado.

06 Aug 2024, 04:16

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-06 04:16

Updated : 2024-08-19 17:19


NVD link : CVE-2024-7008

Mitre link : CVE-2024-7008

CVE.ORG link : CVE-2024-7008


JSON object : View

Products Affected

calibre-ebook

  • calibre
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')