{"id":"UBUNTU-CVE-2024-7008","details":"Unsanitized user input in Calibre \u003c= 7.15.0 allows attackers to perform reflected cross-site scripting.","modified":"2026-05-20T16:10:05.608318910Z","published":"2024-08-06T04:16:00Z","upstream":["CVE-2024-7008"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-7008"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2024-7008"},{"type":"REPORT","url":"https://starlabs.sg/advisories/24/24-7008/"},{"type":"REPORT","url":"https://github.com/kovidgoyal/calibre/commit/863abac24e7bc3e5ca0b3307362ff1953ba53fe0"},{"type":"REPORT","url":"https://github.com/kovidgoyal/calibre/commit/863abac24e7bc3e5ca0b3307362ff1953ba53fe0"}],"affected":[{"package":{"name":"calibre","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/calibre?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.33.0+dfsg-1build1","2.38.0+dfsg-1","2.45.0+dfsg-1","2.45.0+dfsg-1build1","2.48.0+dfsg-1","2.48.0+dfsg-1build1","2.54.0+dfsg-1","2.55.0+dfsg-1","2.55.0+dfsg-1ubuntu0.2"],"ecosystem_specific":{"binaries":[{"binary_version":"2.55.0+dfsg-1ubuntu0.2","binary_name":"calibre"},{"binary_version":"2.55.0+dfsg-1ubuntu0.2","binary_name":"calibre-bin"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-7008.json"}},{"package":{"name":"calibre","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/calibre?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.7.0+dfsg-2","3.7.0+dfsg-2build1","3.12.0+dfsg-1","3.13.0+dfsg-1","3.14.0+dfsg-1","3.15.0.1+dfsg-1","3.16.0+dfsg-1","3.16.0+dfsg-1build1","3.17.0+dfsg-1","3.17.0+dfsg-2","3.18.0+dfsg-1build1","3.19.0+dfsg-1","3.20.0+dfsg-1","3.21.0+dfsg-1","3.21.0+dfsg-1build1"],"ecosystem_specific":{"binaries":[{"binary_version":"3.21.0+dfsg-1build1","binary_name":"calibre"},{"binary_version":"3.21.0+dfsg-1build1","binary_
name":"calibre-bin"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-7008.json"}},{"package":{"name":"calibre","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/calibre?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.46.0+dfsg-1","4.2.0+dfsg-2","4.3.0+dfsg-1","4.3.0+dfsg-2","4.4.0+dfsg-1","4.5.0+dfsg-1","4.5.0+dfsg-2","4.5.0+dfsg-3","4.6.0+dfsg-1","4.7.0+dfsg-1","4.99.3+dfsg-2","4.99.4+dfsg-1","4.99.4+dfsg-1build1","4.99.4+dfsg+really4.10.0+py3-2","4.99.4+dfsg+really4.11.2-1","4.99.4+dfsg+really4.11.2-1build1","4.99.4+dfsg+really4.12.0-1","4.99.4+dfsg+really4.12.0-1build1","4.99.4+dfsg+really4.12.0-1ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_version":"4.99.4+dfsg+really4.12.0-1ubuntu1","binary_name":"calibre"},{"binary_version":"4.99.4+dfsg+really4.12.0-1ubuntu1","binary_name":"calibre-bin"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-7008.json"}},{"package":{"name":"calibre","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/calibre?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5.25.0+dfsg-2","5.33.2+dfsg-1","5.34.0+dfsg-1","5.35.0+dfsg-1ubuntu2","5.37.0+dfsg-1","5.37.0+dfsg-1build1"],"ecosystem_specific":{"binaries":[{"binary_version":"5.37.0+dfsg-1build1","binary_name":"calibre"},{"binary_version":"5.37.0+dfsg-1build1","binary_name":"calibre-bin"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-7008.json"}},{"package":{"name":"calibre","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/calibre?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["6.24.0+ds-1","6.29.0+ds-1","7.0.0+ds-1","7.1.0+ds-1","7.1.0+ds-2","7.2.0+ds-1","7.2.0+ds-1build1","7.3.0+ds-1",
"7.4.0+ds-1","7.5.1+ds-1","7.5.1+ds-2","7.5.1+ds-3","7.6.0+ds-1","7.6.0+ds-1build1"],"ecosystem_specific":{"binaries":[{"binary_version":"7.6.0+ds-1build1","binary_name":"calibre"},{"binary_version":"7.6.0+ds-1build1","binary_name":"calibre-bin"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-7008.json"}},{"package":{"name":"calibre","ecosystem":"Ubuntu:26.04:LTS","purl":"pkg:deb/ubuntu/calibre?arch=source&distro=resolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["8.8.0+ds-3build1","8.13.0+ds+~0.10.5-3","8.14.0+ds+~0.10.5-1","8.15.0+ds+~0.10.5-1","8.16.0+ds+~0.10.5-2","8.16.2+ds+~0.10.5-1","8.16.2+ds+~0.10.5-2","8.16.2+ds+~0.10.5-3","9.2.1+ds+~0.10.5-2build1"],"ecosystem_specific":{"binaries":[{"binary_version":"9.2.1+ds+~0.10.5-2build1","binary_name":"calibre"},{"binary_version":"9.2.1+ds+~0.10.5-2build1","binary_name":"calibre-bin"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-7008.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"type":"Ubuntu","score":"medium"}]}