CVE-2024-39123
Published: 2024-07-19
Priority: P341
Severity: medium, CVSS 3.1 base score 5.4
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 22.89% (97.5th percentile)
In janeczku Calibre-Web 0.6.0 to 0.6.21, the edit_book_comments function is vulnerable to Cross Site Scripting (XSS) due to improper sanitization performed by the clean_string function. The vulnerability arises from the way the clean_string function handles HTML sanitization.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| calibreweb | calibreweb | 0.6.0 – 0.6.21 | — |
| janeczku | calibre-web | 0.6.0 – 0.6.21 | — |
GHSA · 2024-07-19
CVE-2024-39123 [MEDIUM] CWE-79 Calibre-Web Cross Site Scripting (XSS)
OSV · 2024-07-19
CVE-2024-39123 [MEDIUM] Calibre-Web Cross Site Scripting (XSS)
No detection rules found.
No writeups or analysis indexed.