cve/CVE-2024-39123.md at 93476d6c370e261fdc1b2b03a08066de45e4892d

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-11-30 18:56:19 +00:00

0xMarcio 1fb02038e8 Update CVE sources 2025-09-29 16:08

2025-09-29 16:08:36 +00:00

Description

In janeczku Calibre-Web 0.6.0 to 0.6.21, the edit_book_comments function is vulnerable to Cross Site Scripting (XSS) due to improper sanitization performed by the clean_string function. The vulnerability arises from the way the clean_string function handles HTML sanitization.

POC

Reference

https://github.com/pentesttoolscom/vulnerability-research/tree/master/CVE-2024-39123

Github

https://github.com/FelinaeBlanc/CVE_2024_39123
https://github.com/theexploiters/CVE-2024-39123-Exploit

855 B Raw Blame History

CVE-2024-39123

Description

POC

Reference

Github

855 B

Raw Blame History