← voltar
CVE-2024-39307

Cross-Site Scripting (XSS) vulnerability via crafted ebooks in Kavita

CVSS 3.5 LOWEPSS 0.5%CWE-79
Kavita is a cross platform reading server. Opening an ebook with malicious scripts inside leads to code execution inside the browsing context. Kavita doesn't sanitize or sandbox the contents of epubs, allowing scripts inside ebooks to execute. This vulnerability was patched in version 0.8.1.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Produtos afetados
Kareadita · Kavita

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/Kareadita/Kavita/security/advisories/GHSA-r4qc-3w52-2v84