cyberMEDIUM2026-05-08 23:16 UTC

CVE-2026-42451 - Grimmory: Stored XSS via Malicious EPUB Enables Session Token Theft

CVE ID :CVE-2026-42451 Published : May 8, 2026, 11:16 p.m. | 1 hour, 47 minutes ago Description :Grimmory is a self-hosted digital library. Prior to version 2.3.1, a stored cross-site scripting (XSS) vulnerability in Grimmory's browser-based EPUB reader allows an attacker to embed arbitrary Ja

ORIGINAL SOURCE →via CVE Feed Latest

⚡ STAY AHEAD

Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.

GET THE SUNDAY BRIEFING →

RELATED · cyber

[CYBER] Sri Lanka arrests more than 260 foreigners over cyberscams
[CYBER] CVE-2026-8207 - Gibbon SQL Injection Vulnerability
[CYBER] CVE-2026-7652 - LatePoint <= 5.5.0 - Unauthenticated Account Takeover via Weak Password Recovery Mechanism
[CYBER] Rate Limiting Toàn Tập: Đừng Để Server "Sập Nguồn" Vì Bị Spam API
[CYBER] The Auth0 Pricing Trap: Why Upgrading to Paid Gives You Less
[CYBER] CVE-2026-6667 - PgBouncer missing authorization check in KILL_CLIENT admin command

Editorial policy · Report a correction