Security Advisory

CVE-2024-39123

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-07-19 00:00:00

Last updated 2024-08-02 04:19:20

Assigner mitre

State PUBLISHED

Description

In janeczku Calibre-Web 0.6.0 to 0.6.21, the edit_book_comments function is vulnerable to Cross Site Scripting (XSS) due to improper sanitization performed by the clean_string function. The vulnerability arises from the way the clean_string function handles HTML sanitization.

← Browse all CVEs View on cve.org ↗