Vulnerability Details CVE-2024-39123
In janeczku Calibre-Web 0.6.0 to 0.6.21, the edit_book_comments function is vulnerable to Cross Site Scripting (XSS) due to improper sanitization performed by the clean_string function. The vulnerability arises from the way the clean_string function handles HTML sanitization.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 75.0%
CVSS Severity
CVSS v3 Score 5.4
References
Products affected by CVE-2024-39123
-
cpe:2.3:a:janeczku:calibre-web:0.6.0
-
cpe:2.3:a:janeczku:calibre-web:0.6.10
-
cpe:2.3:a:janeczku:calibre-web:0.6.11
-
cpe:2.3:a:janeczku:calibre-web:0.6.12
-
cpe:2.3:a:janeczku:calibre-web:0.6.13
-
cpe:2.3:a:janeczku:calibre-web:0.6.14
-
cpe:2.3:a:janeczku:calibre-web:0.6.15
-
cpe:2.3:a:janeczku:calibre-web:0.6.16
-
cpe:2.3:a:janeczku:calibre-web:0.6.17
-
cpe:2.3:a:janeczku:calibre-web:0.6.18
-
cpe:2.3:a:janeczku:calibre-web:0.6.19
-
cpe:2.3:a:janeczku:calibre-web:0.6.2
-
cpe:2.3:a:janeczku:calibre-web:0.6.20
-
cpe:2.3:a:janeczku:calibre-web:0.6.21
-
cpe:2.3:a:janeczku:calibre-web:0.6.3
-
cpe:2.3:a:janeczku:calibre-web:0.6.4
-
cpe:2.3:a:janeczku:calibre-web:0.6.5
-
cpe:2.3:a:janeczku:calibre-web:0.6.6
-
cpe:2.3:a:janeczku:calibre-web:0.6.7
-
cpe:2.3:a:janeczku:calibre-web:0.6.8
-
cpe:2.3:a:janeczku:calibre-web:0.6.9