What is CVE-2024-39307?

CVE-2024-39307 is a low-severity vulnerability in Kareadita Kavita, classified under Cross-site Scripting. CVSS score: 3.5/10. Published 2024-06-28.

How severe is CVE-2024-39307?

Low severity. CVSS v3 base score is 3.5 out of 10.

XSS in Kareadita Kavita

CVE-2024-39307

Kavita is a cross platform reading server. Opening an ebook with malicious scripts inside leads to code execution inside the browsing context. Kavita doesn't sanitize or sandbox the contents of epubs, allowing scripts inside ebooks to exec…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.001 (25.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.5 (Low). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N.

Affected products

Kareadita Kavita — versions <= 0.8.0

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

https://github.com/Kareadita/Kavita/security/advisories/GHSA-r4qc-3w52-2v84 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2024-39307?: CVE-2024-39307 is a low-severity vulnerability in Kareadita Kavita, classified under Cross-site Scripting. CVSS score: 3.5/10. Published 2024-06-28.
How severe is CVE-2024-39307?: Low severity. CVSS v3 base score is 3.5 out of 10.