CNNVD-202506-3120 Information

CNNVD ID

CNNVD-202506-3120

CVE-2025-52880

  • CNNVD Published: 2025-06-24

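Description (Chinese, translated)

Komga is a media server for comics, magazines and e-books by the individual developer Gauthier. Komga versions 1.8.0 through 1.21.3 contain a security vulnerability that stems from cross-site scripting in EPUB resources, which may allow actions to be performed as the victim.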

Description (English)

Komga is a media server for comics, magazines and e-books, developed by the individual developer Gauthier. Komga versions 1.8.0 to 1.21.3 contain a security vulnerability that stems from cross-site scripting in EPUB resources, which may lead to actions being performed as the victim.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Live Support

Published

2025-06-24

Last Modified

2026-02-24

References

  • https://github.com/gotson/komga/commit/5f9cc449b7846ed2066752c72c9ce7b20c3a85a7
  • https://github.com/gotson/komga/security/advisories/GHSA-m7mm-6jxp-2m4x
  • https://access.redhat.com/security/cve/cve-2025-52880

Patch

https://github.com/gotson/komga/releases
