PT-2024-28353 · Janeczku · Calibre-Web

Alexandru Postolache

Published: 2024-07-19 · Updated: 2025-07-09

CVE-2024-39123

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the vulnerable software and affected versions: janeczku Calibre-Web, versions 0.6.0 through 0.6.21
Description: The clean_string function that Calibre-Web uses to sanitize HTML does not neutralize all active content, so the edit book comments function is vulnerable to stored Cross-Site Scripting (XSS). A user who holds the permission to edit book metadata (PR:L in the vector) can save a comment whose markup survives sanitization; the embedded script then executes in the browser of any other user who opens the affected book page (UI:R, S:C), with confidentiality and integrity impact limited to what that user's session can reach (C:L/I:L).
Recommendations: Upgrade to a Calibre-Web release later than 0.6.21 as soon as one is available. Until then, on versions 0.6.0 through 0.6.21, restrict the book-editing permission, and with it the edit book comments function, to trusted accounts, or disable comment editing altogether; exploitation requires an account that is allowed to edit books. Do not rely on clean_string as an HTML sanitizer in the affected versions. As defense in depth, serve the web UI with a Content-Security-Policy that forbids inline script, so that markup which does slip through the sanitizer does not execute.
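The description and recommendations above turn on one point: a sanitizer that only strips known-bad markup leaves other active content behind, whereas one that rebuilds the comment from an allowlist of tags and attributes does not. The following is an added example written for this page; it is not Calibre-Web's code and does not reproduce its clean_string function. blocklist_clean is a constructed, deliberately weak stand-in, allowlist_sanitize is the hardened form, and the inputs in SAMPLES are constructed payloads and one benign comment. It uses only the Python standard library so it runs offline.

```python
"""Blocklist vs allowlist HTML sanitization for user-supplied book comments.

Added example for this page: not Calibre-Web's code and not its clean_string
function. blocklist_clean is a constructed, deliberately weak stand-in; the
payloads in SAMPLES are constructed. Standard library only.
"""
import re
from html import escape
from html.parser import HTMLParser

# Weak approach: remove <script> elements and pass everything else through.
SCRIPT_RE = re.compile(r"<script\b.*?</script\s*>", re.IGNORECASE | re.DOTALL)


def blocklist_clean(html: str) -> str:
    """Strips <script>...</script> only; event handlers and javascript: URLs
    survive, which is why a blocklist is not a sanitizer."""
    return SCRIPT_RE.sub("", html)


# Hardened approach: re-serialize only approved tags and attributes.
ALLOWED_TAGS = {"p", "br", "b", "i", "em", "strong", "ul", "ol", "li", "a"}
ALLOWED_ATTRS = {"a": {"href"}}          # no on*, style, src, ... anywhere
SAFE_URL_PREFIXES = ("http://", "https://", "mailto:")
VOID_TAGS = {"br"}
DROP_CONTENT_TAGS = {"script", "style"}  # discard the body, not just the tag


class AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)  # text arrives decoded
        self.out = []
        self.open_tags = []
        self.dropping = None  # tag whose text content is being discarded

    def handle_starttag(self, tag, attrs):
        if self.dropping:
            return
        if tag in DROP_CONTENT_TAGS:
            self.dropping = tag
            return
        if tag not in ALLOWED_TAGS:
            return  # tag dropped; its text still flows through handle_data
        kept = ""
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()) or value is None:
                continue
            if name == "href":
                value = value.strip()
                # Scheme allowlist rejects javascript:, data:, vbscript: and
                # case/whitespace variants of them.
                if not value.lower().startswith(SAFE_URL_PREFIXES):
                    continue
            kept += f' {name}="{escape(value, quote=True)}"'
        self.out.append(f"<{tag}{kept}>")
        if tag not in VOID_TAGS:
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if self.dropping:
            if tag == self.dropping:
                self.dropping = None
            return
        if tag in self.open_tags:
            # Close down to the matching tag so output is always balanced.
            while self.open_tags:
                closed = self.open_tags.pop()
                self.out.append(f"</{closed}>")
                if closed == tag:
                    break

    def handle_data(self, data):
        if not self.dropping:
            self.out.append(escape(data, quote=False))  # re-encode all text

    # Comments, doctypes and processing instructions hit HTMLParser's default
    # no-op handlers and are therefore dropped.

    def result(self) -> str:
        while self.open_tags:  # close anything the input left open
            self.out.append(f"</{self.open_tags.pop()}>")
        return "".join(self.out)


def allowlist_sanitize(html: str) -> str:
    parser = AllowlistSanitizer()
    parser.feed(html)
    parser.close()
    return parser.result()


# Constructed inputs: three payloads and one benign comment.
SAMPLES = [
    '<script>alert(document.cookie)</script><p>Nice read</p>',
    '<img src=x onerror=alert(1)>',
    '<a href="javascript:alert(1)">click</a>',
    '<p>Great <b>book</b>!<br>See <a href="https://example.com">review</a></p>',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print("input:    ", sample)
        print("blocklist:", blocklist_clean(sample))
        print("allowlist:", allowlist_sanitize(sample), "\n")
```

Running it shows the two approaches agreeing only on the first payload: the blocklist removes the script element but returns the event-handler and javascript: payloads untouched, while the allowlist reduces them to nothing and to a plain link, and reproduces the benign comment byte for byte. In production use a maintained sanitizer library rather than this hand-written one; its purpose here is to make the allowlist discipline visible, including that URL scheme checks on href belong inside the sanitizer, not in a separate step.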

Weakness Enumeration: Cross-Site Scripting (XSS)

Related Identifiers

CVE-2024-39123
GHSA-J22R-3RF3-CV25

Affected Products

Calibre-Web