Security
Headlines
HeadlinesLatestCVEs

Headline

Calibre Web 0.6.21 Cross Site Scripting

Calibre Web version 0.6.21 suffers from a persistent cross site scripting vulnerability.

Packet Storm
#xss#vulnerability#web#linux#git#java#auth
# Exploit Title: Stored XSS in Calibre-web# Date: 07/05/2024# Exploit Authors: Pentest-Tools.com (Catalin Iovita & Alexandru Postolache)# Vendor Homepage: (https://github.com/janeczku/calibre-web/)# Version: 0.6.21 - Romesa# Tested on: Linux 5.15.0-107, Python 3.10.12, lxml  4.9.4# CVE: CVE-2024-39123## Vulnerability DescriptionCalibre-web 0.6.21 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability. This vulnerability allows an attacker to inject malicious scripts that get stored on the server and executed in the context of another user's session.## Steps to Reproduce1. Log in to the application.2. Upload a new book.3. Access the Books List functionality from the `/table?data=list&sort_param=stored` endpoint.4. In the `Comments` field, input the following payload:    <a href=javas%1Bcript:alert()>Hello there!</a>4. Save the changes.5. Upon clicking the description on the book that was created, in the Book Details, the payload was successfully injected in the Description field. By clicking on the message, an alert box will appear, indicating the execution of the injected script.

Related news

GHSA-j22r-3rf3-cv25: Calibre-Web Cross Site Scripting (XSS)

In janeczku Calibre-Web 0.6.0 to 0.6.21, the edit_book_comments function is vulnerable to Cross Site Scripting (XSS) due to improper sanitization performed by the clean_string function. The vulnerability arises from the way the clean_string function handles HTML sanitization.

Packet Storm: Latest News

CUPS IPP Attributes LAN Remote Code Execution