CVE-2024-7008
published 2024-08-06

CVE-2024-7008: Unsanitized user input in Calibre <= 7.15.0 allows attackers to perform reflected cross-site scripting.

Priority P3 46 | medium 6.1 | CVSS 3.1
AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
EXPLOIT
EPSS: 24.06% (97.6th percentile)
Unsanitized user input in Calibre <= 7.15.0 allows attackers to perform reflected cross-site scripting.

Affected

7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| calibre-ebook | calibre | <= 7.15.0 | |
| calibre | calibre | | |
| calibre | calibre | >= 0 < 5.12.0+dfsg-1+deb11u2 | 5.12.0+dfsg-1+deb11u2 |
| calibre | calibre | >= 0 < 6.13.0+repack-2+deb12u4 | 6.13.0+repack-2+deb12u4 |
| calibre | calibre | >= 0 < 7.16.0+ds-1 | 7.16.0+ds-1 |
| calibre | calibre | >= 0 < 7.16.0+ds-1 | 7.16.0+ds-1 |
| debian | calibre | < calibre 6.13.0+repack-2+deb12u4 (bookworm) | calibre 6.13.0+repack-2+deb12u4 (bookworm) |

CVSS provenance

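| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| osv | | 6.1 | MEDIUM | |
| vendor_debian | | 5.4 | MEDIUM | |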