CVSS: 4.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7009 – Calibre SQL Injection
https://notcve.org/view.php?id=CVE-2024-7009
Unsanitized user-input in Calibre <= 7.15.0 allow users with permissions to perform full-text searches to achieve SQL injection on the SQLite database. La entrada de usuario no sanitizada en Calibre <= 7.15.0 permite a los usuarios con permisos realizar búsquedas de texto completo para lograr la inyección SQL en la base de datos SQLite. • https://github.com/kovidgoyal/calibre/commit/d56574285e8859d3d715eb7829784ee74337b7d7 https://starlabs.sg/advisories/24/24-7009 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7008 – Calibre Reflected Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2024-7008
Unsanitized user-input in Calibre <= 7.15.0 allow attackers to perform reflected cross-site scripting. La entrada de usuario no sanitizada en Calibre <= 7.15.0 permite a los atacantes cross-site scripting reflejado. • https://github.com/kovidgoyal/calibre/commit/863abac24e7bc3e5ca0b3307362ff1953ba53fe0 https://starlabs.sg/advisories/24/24-7008 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •