Unsanitized user-input in Calibre <= 7.15.0 allow attackers to perform reflected cross-site scripting.
References
Link | Resource |
---|---|
https://github.com/kovidgoyal/calibre/commit/863abac24e7bc3e5ca0b3307362ff1953ba53fe0 | Patch |
https://starlabs.sg/advisories/24/24-7008/ | Exploit Third Party Advisory |
Configurations
History
19 Aug 2024, 17:19
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:calibre-ebook:calibre:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
First Time |
Calibre-ebook calibre
Calibre-ebook |
|
References | () https://github.com/kovidgoyal/calibre/commit/863abac24e7bc3e5ca0b3307362ff1953ba53fe0 - Patch | |
References | () https://starlabs.sg/advisories/24/24-7008/ - Exploit, Third Party Advisory |
06 Aug 2024, 16:30
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
06 Aug 2024, 04:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-06 04:16
Updated : 2024-08-19 17:19
NVD link : CVE-2024-7008
Mitre link : CVE-2024-7008
CVE.ORG link : CVE-2024-7008
JSON object : View
Products Affected
calibre-ebook
- calibre
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')