CVE-2024-7008
📋 TL;DR
Calibre versions up to 7.15.0 contain a reflected cross-site scripting (XSS) vulnerability due to improper input sanitization. Attackers can inject malicious scripts that execute in users' browsers when they visit specially crafted URLs. This affects all users running vulnerable Calibre versions, particularly those who access Calibre through web interfaces.
💻 Affected Systems
- Calibre
📦 What is this software?
Calibre by Calibre Ebook
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal session cookies, perform actions as authenticated users, redirect to malicious sites, or install malware through drive-by downloads.
Likely Case
Attackers would typically steal session cookies to hijack user sessions, potentially gaining unauthorized access to the Calibre library or user data.
If Mitigated
With proper input validation and output encoding, malicious scripts would be rendered harmless as text rather than executable code.
🎯 Exploit Status
The advisory includes technical details that could be used to create exploits. Reflected XSS typically requires user interaction (clicking a malicious link).
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 7.16.0
Vendor Advisory: https://github.com/kovidgoyal/calibre/commit/863abac24e7bc3e5ca0b3307362ff1953ba53fe0
Restart Required: Yes
Instructions:
1. Download Calibre 7.16.0 or later from the official website.
2. Install the update following standard installation procedures.
3. Restart Calibre to ensure the patch is applied.
🔧 Temporary Workarounds
Disable Web Interface
Temporarily disable Calibre's web interface if it is not required for functionality.
Check Calibre settings to disable web server functionality
Input Validation Proxy
Deploy a web application firewall or reverse proxy that filters malicious input patterns.
🧯 If You Can't Patch
- Restrict network access to Calibre web interface using firewall rules to trusted IPs only.
- Educate users not to click on untrusted links, especially those containing suspicious parameters.
🔍 How to Verify
Check if Vulnerable:
Check the Calibre version in Help > About or run 'calibre --version' in a terminal. If the version is 7.15.0 or earlier, you are vulnerable.
Check Version:
calibre --version
Verify Fix Applied:
After updating, verify version is 7.16.0 or later using the same methods.
📡 Detection & Monitoring
Log Indicators:
- Unusual URL parameters containing script tags or JavaScript code in web server logs
- Multiple failed attempts with suspicious parameter values
Network Indicators:
- HTTP requests with suspicious parameters containing script tags or JavaScript payloads
SIEM Query:
source="calibre_web_logs" AND (url="*<script*" OR url="*javascript:*" OR url="*onerror=*" OR url="*onload=*")
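Detection logic for the log indicators and SIEM query above, as an added example that is not part of the advisory or the Calibre project: it scans web-server access-log lines for the listed patterns after URL-decoding, so percent-encoded payloads that a literal `*<script*` match would miss are also flagged. The combined-log field layout and the sample lines are constructed assumptions, not Calibre's documented log format.

```python
import re
from urllib.parse import unquote

# Indicators named in the advisory's log/SIEM guidance: script tags,
# javascript: URLs and inline onerror/onload handlers. Matched against the
# decoded URL so %3Cscript%3E-style encodings are not missed.
INDICATORS = re.compile(r"<script|javascript:|on(?:error|load)\s*=", re.IGNORECASE)

# Apache/nginx combined-log layout. Assumption for this example only; adapt
# the regex to the real access-log format in front of the Calibre server.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)

def decode_url(url: str) -> str:
    # Decode repeatedly (bounded) so double-encoded payloads surface too.
    prev = None
    for _ in range(3):
        if url == prev:
            break
        prev, url = url, unquote(url)
    return url

def scan_line(line: str):
    """Return a finding dict for a suspicious request line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = decode_url(m.group("url"))
    hit = INDICATORS.search(url)
    if not hit:
        return None
    return {"ip": m.group("ip"), "ts": m.group("ts"),
            "status": m.group("status"),
            "indicator": hit.group(0).lower(), "url": url}

def scan_log(lines):
    return [r for r in (scan_line(l) for l in lines) if r]

# Constructed sample log lines: one benign request, a plain payload, a
# percent-encoded payload, an encoded event handler, and a benign path that
# merely contains the word "javascript" (no colon, so it should not match).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Aug/2024:12:00:01 +0000] "GET /browse/book/12 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [10/Aug/2024:12:00:05 +0000] "GET /search?query=<script>alert(1)</script> HTTP/1.1" 200 812',
    '198.51.100.7 - - [10/Aug/2024:12:01:09 +0000] "GET /search?query=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 812',
    '198.51.100.7 - - [10/Aug/2024:12:01:12 +0000] "GET /search?query=%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E HTTP/1.1" 200 812',
    '192.0.2.10 - - [10/Aug/2024:12:02:00 +0000] "GET /static/javascript.js HTTP/1.1" 200 31000',
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```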