Grimmory Stored Cross-Site Scripting Vulnerability in EPUB Reader
Vulnerability
A stored cross-site scripting vulnerability has been identified in Grimmory, a self-hosted digital library, prior to version 2.3.1. This vulnerability allows an attacker to inject arbitrary JavaScript into a crafted EPUB file. When the file is opened in Grimmory's browser-based EPUB reader, the embedded script executes with full access to the application's session context. This could lead to session token theft and account takeover, including administrative access if an administrator opens the affected book.
Impact
Exploitation of this vulnerability allows for session token theft from local storage, enabling unauthorized access to the victim's account. If the victim is an administrator, this could result in full administrative access to the Grimmory instance. Additionally, the vulnerability could be exploited to perform authenticated actions on behalf of the victim or to register a service worker that intercepts requests in future browser sessions.
Remediation
Users are advised to upgrade to Grimmory version 2.3.1. If an immediate upgrade is not possible, book upload permissions should be restricted to trusted users only.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.