cve/CVE-2024-39307.md at a8969e132322a214e7b78da5711159d6f891f0ab

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-06-19 17:30:12 +00:00

0xMarcio 3428c6bdc6 Update CVE sources 2024-08-05 18:41

2024-08-05 18:41:32 +00:00

Description

Kavita is a cross platform reading server. Opening an ebook with malicious scripts inside leads to code execution inside the browsing context. Kavita doesn't sanitize or sandbox the contents of epubs, allowing scripts inside ebooks to execute. This vulnerability was patched in version 0.8.1.

POC

Reference

https://github.com/Kareadita/Kavita/security/advisories/GHSA-r4qc-3w52-2v84

Github

No PoCs found on GitHub currently.

924 B Raw Blame History

CVE-2024-39307

Description

POC

Reference

Github

924 B

Raw Blame History