CVE-2024-39123

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-39123

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-39123.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-39123

Aliases

GHSA-j22r-3rf3-cv25

Published

2024-07-19T20:15:07.797Z

Modified

2026-03-13T07:56:02.078122Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

In janeczku Calibre-Web 0.6.0 to 0.6.21, the editbookcomments function is vulnerable to Cross Site Scripting (XSS) due to improper sanitization performed by the cleanstring function. The vulnerability arises from the way the cleanstring function handles HTML sanitization.

References

https://github.com/pentesttoolscom/vulnerability-research/tree/master/CVE-2024-39123

Affected packages

Git / github.com/janeczku/calibre-web

Affected ranges

Type

GIT

Repo

https://github.com/janeczku/calibre-web

Events

Introduced

d81cb2927abcba3c4d198ecce9dca78550f676e1

Last affected

c45188beb22adc5416bb8fd73fa23bf5270f7759

Database specific

{
    "versions": [
        {
            "introduced": "0.6.0"
        },
        {
            "last_affected": "0.6.21"
        }
    ]
}

Affected versions

0.*

0.6.0

0.6.10

0.6.11

0.6.12

0.6.13

0.6.14

0.6.15

0.6.16

0.6.17

0.6.18

0.6.19

0.6.2

0.6.20

0.6.21

0.6.3

0.6.4

0.6.5

0.6.6

0.6.7

0.6.8

0.6.9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-39123.json"