CVE-2024-7008 — Vulnetix

CVE-2024-7008 PUBLISHED CVSS 5.400000095367432 MEDIUM

Unsanitized user-input in Calibre <= 7.15.0 allow attackers to perform reflected cross-site scripting.

EPSS 13.40% · 94.3th percentile

Risk Scores

CVSS 3.1

5.400000095367432

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

EPSS Score

13.40%

94.3th percentile

Affected Products

Vendor	Product	Versions
Calibre	Calibre	7.15.0
calibre-ebook	calibre	0
calibre	calibre	0

Exploit Intelligence

https://starlabs.sg/advisories/24/24-7008/ (nist-nvd)
https://github.com/kovidgoyal/calibre/commit/863abac24e7bc3e5ca0b3307362ff1953ba53fe0 (circl)
Nuclei Template: CVE-2024-7008 (nuclei-template)
Nuclei Template: CVE-2024-7008 (nuclei-template)
Nuclei Template: CVE-2024-7008 (nuclei-template)
Nuclei Template: CVE-2024-7008 (nuclei-template)
Nuclei Template: CVE-2024-7008 (nuclei-template)
Nuclei Template: CVE-2024-7008 (nuclei-template)
Nuclei Template: CVE-2024-7008 (nuclei-template)

Timeline

Aug 6, 2024 EPSS Score
Aug 6, 2024 CVE Published
Aug 8, 2024 CVE Updated
Sep 17, 2024 EPSS Score
Oct 5, 2024 Coalition ESS Score
Oct 8, 2024 EPSS Score
Nov 19, 2024 EPSS Score
Dec 11, 2024 EPSS Score
Jan 23, 2025 EPSS Score
Mar 6, 2025 EPSS Score
Mar 17, 2025 EPSS Score
Mar 24, 2025 EPSS Score

References

https://starlabs.sg/advisories/24/24-7008/ third-party-advisory
https://github.com/kovidgoyal/calibre/commit/863abac24e7bc3e5ca0b3307362ff1953ba53fe0 patch
https://nvd.nist.gov/vuln/detail/CVE-2024-7008 advisory
https://starlabs.sg/advisories/24/24-7008 url

Open in Interactive Console →

$ Console Community · 100/wk Open console ›