CVE-2024-7008 — Vulnetix

Try Vulnetix Request Demo

CVE-2024-7008 PUBLISHED CVSS 5.400000095367432 MEDIUM

Unsanitized user-input in Calibre <= 7.15.0 allow attackers to perform reflected cross-site scripting.

EPSS 12.71% · 93.9th percentile

Risk Scores

CVSS v3.1

5.400000095367432

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

EPSS Score

12.71%

93.9th percentile

Affected Products

Vendor	Product	Versions
Calibre	Calibre	7.15.0
calibre-ebook	calibre	0
calibre	calibre	0

Timeline

Aug 6, 2024 EPSS Score
Aug 6, 2024 CVE Published
Aug 8, 2024 CVE Updated
Sep 16, 2024 EPSS Score
Oct 5, 2024 Coalition ESS Score
Oct 7, 2024 EPSS Score
Nov 17, 2024 EPSS Score
Dec 8, 2024 EPSS Score
Jan 18, 2025 EPSS Score
Feb 28, 2025 EPSS Score
Mar 17, 2025 EPSS Score
Mar 23, 2025 EPSS Score

References

https://starlabs.sg/advisories/24/24-7008/ third-party-advisory
https://github.com/kovidgoyal/calibre/commit/863abac24e7bc3e5ca0b3307362ff1953ba53fe0 patch
https://nvd.nist.gov/vuln/detail/CVE-2024-7008 advisory
https://starlabs.sg/advisories/24/24-7008 url

Open in Interactive Console →