PyPi: Calibreweb

CVE-2024-39123

Safety vulnerability ID: 72283

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Jul 19, 2024. Updated at Nov 16, 2024.

Advisory

In affected versions of janeczku Calibre-Web, the edit_book_comments function is vulnerable to Cross-Site Scripting (XSS) due to improper sanitization performed by the clean_string function. The vulnerability arises from the way the clean_string function handles HTML sanitization.

Affected package

calibreweb

Latest version: 0.6.24

Web app for browsing, reading and downloading eBooks stored in a Calibre database.

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources
