Cross-Site Scripting (XSS) vulnerability via crafted ebooks in KavitaKavita i...

June 29, 2024, 1:31 p.m. |

Kavita is a cross platform reading server. Opening an ebook with malicious scripts inside leads to code execution inside the browsing context. Kavita doesn't sanitize or sandbox the contents of epu...

browsing code code execution context cross platform cross-site ebook ebooks malicious malicious scripts platform sandbox scripting scripts server vulnerability xss

Visit resource

More from cve.threatint.com / CVE | THREATINT - NEW

GeoServer's Server Status shows sensitive environmental variables and Java pr... an hour ago | cve.threatint.com

data edit environmental geoserver +10

In JetBrains TeamCity before 2024.03.3 application token could be exposed in ... an hour ago | cve.threatint.com

application cloud ec2 exposed +6

In JetBrains TeamCity before 2024.03.3 private key could be exposed via testi... an hour ago | cve.threatint.com

app connection exposed github +7

Persistent Cross-site Scripting (XSS) in conf-web/settings REST endpointIn Sp... 2 hours ago | cve.threatint.com

admin browser cloud cloud platform +14

Persistent Cross-site Scripting (XSS) in Web BulletinIn Splunk Enterprise ver... 2 hours ago | cve.threatint.com

admin cloud cloud platform cross-site +12

Denial of Service through null pointer reference in “cluster/config” REST end... 2 hours ago | cve.threatint.com

attacker cloud cloud platform cluster +11

Denial of Service (DoS) on the datamodel/web REST endpointIn Splunk Enterpris... 2 hours ago | cve.threatint.com

admin cloud cloud platform denial of service +12

Remote Code Execution (RCE) through an external lookup due to “copybuckets.py... 2 hours ago | cve.threatint.com

admin code code execution enterprise +11

Low-privileged user could create experimental itemsIn Splunk Enterprise versi... 2 hours ago | cve.threatint.com

admin cloud cloud platform enterprise +7

Data Loss Prevention Analyst 1

@ Advanced Energy | Quezon City, 00, PH, n/a

View on infosec-jobs.com

TC-CS-DPP MS Purview-Staff

@ EY | Bengaluru, KA, IN, 560048

View on infosec-jobs.com

Consultant CSIRT Confirmé H/F (Paris)

@ EY | Paris La Défense, FR, 92037

View on infosec-jobs.com

Consultant Azure Cloud Sécurité CSPM H/F (Paris)

@ EY | Paris La Défense, FR, 92037

View on infosec-jobs.com

Consultant en Protection des Données (Microsoft Purview) H/F (Paris)

@ EY | Paris La Défense, FR, 92037

View on infosec-jobs.com

Business Continuity Coordinator

@ Sumitomo Mitsui Banking Corporation | Brea, CA, US, 92821

View on infosec-jobs.com

all InfoSec News

Cross-Site Scripting (XSS) vulnerability via crafted ebooks in KavitaKavita i...

More from cve.threatint.com / CVE | THREATINT - NEW

Jobs in InfoSec / Cybersecurity

Data Loss Prevention Analyst 1

TC-CS-DPP MS Purview-Staff

Consultant CSIRT Confirmé H/F (Paris)

Consultant Azure Cloud Sécurité CSPM H/F (Paris)

Consultant en Protection des Données (Microsoft Purview) H/F (Paris)

Business Continuity Coordinator