2 matches found
CVE-2025-52880 Komga Vulnerable to Arbitrary Code Execution via Crafted EPUB File
Komga is a media server for comics, mangas, BDs, magazines and eBooks. A Cross-Site Scripting (XSS) vulnerability has been discovered in versions 1.8.0 through 1.21.3 when serving EPUB resources, either directly from the API, or when reading using the epub reader. The vulnerability lets an attacker...
PT-2025-26781 · Komga · Komga
Name of the Vulnerable Software and Affected Versions: Komga versions 1.8.0 through 1.21.3
Description: A Cross-Site Scripting (XSS) issue has been found in Komga when serving EPUB resources. This allows an attacker to perform actions on the victim's behalf. If an admin user is targeted, it can be...