header-logo
Suggest Exploit
vendor:
Calibre-web
by:
Pentest-Tools.com (Catalin Iovita & Alexandru Postolache)
6.1
CVSS
HIGH
Stored Cross-Site Scripting (XSS)
79
CWE
Product Name: Calibre-web
Affected Version From: 2000.6.21
Affected Version To: 2000.6.21
Patch Exists: NO
Related CWE: CVE-2024-39123
CPE: a:janeczku:calibre-web:0.6.21
Metasploit:
Other Scripts:
Platforms Tested: Linux
2024

Stored XSS in Calibre-web

Calibre-web 0.6.21 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability. This allows an attacker to insert malicious scripts stored on the server and run in the context of another user's session. By exploiting this vulnerability, an attacker can execute arbitrary scripts in the victim's browser.

Mitigation:

To mitigate this vulnerability, sanitize and validate user input before storing it in the database. Implement Content Security Policy (CSP) headers to prevent the execution of unauthorized scripts.
Source

Exploit-DB raw data:

# Exploit Title: Stored XSS in Calibre-web
# Date: 07/05/2024
# Exploit Authors: Pentest-Tools.com (Catalin Iovita & Alexandru Postolache)
# Vendor Homepage: (https://github.com/janeczku/calibre-web/)
# Version: 0.6.21 - Romesa
# Tested on: Linux 5.15.0-107, Python 3.10.12, lxml	4.9.4
# CVE: CVE-2024-39123

## Vulnerability Description
Calibre-web 0.6.21 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability. This vulnerability allows an attacker to inject malicious scripts that get stored on the server and executed in the context of another user's session.

## Steps to Reproduce
1. Log in to the application.
2. Upload a new book.
3. Access the Books List functionality from the `/table?data=list&sort_param=stored` endpoint.
4. In the `Comments` field, input the following payload:

    <a href=javas%1Bcript:alert()>Hello there!</a>

4. Save the changes.
5. Upon clicking the description on the book that was created, in the Book Details, the payload was successfully injected in the Description field. By clicking on the message, an alert box will appear, indicating the execution of the injected script.

Navigation

Suggest Exploit

Services By CQR