Janeczku: >> Calibre-Web >> 0.6.7 Security Vulnerabilities
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17.
CVSS Score
6.5
EPSS Score
0.003
Published
2022-03-07
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17.
CVSS Score
9.1
EPSS Score
0.002
Published
2022-03-07
Improper Access Control in Pypi calibreweb prior to 0.6.16.
CVSS Score
4.3
EPSS Score
0.001
Published
2022-01-30
Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 0.6.16.
CVSS Score
6.5
EPSS Score
0.002
Published
2022-01-30
Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior to 0.6.16.
CVSS Score
8.5
EPSS Score
0.003
Published
2022-01-28
calibre-web is vulnerable to Cross-Site Request Forgery (CSRF)
CVSS Score
7.6
EPSS Score
0.001
Published
2022-01-17
calibre-web is vulnerable to Business Logic Errors
CVSS Score
7.7
EPSS Score
0.004
Published
2022-01-17
calibre-web is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS Score
7.3
EPSS Score
0.003
Published
2022-01-16
In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site Request Forgery (CSRF). By luring an authenticated user to click on a link, an attacker can create a new user role with admin privileges and attacker-controlled credentials, allowing them to take over the application.
CVSS Score
8.8
EPSS Score
0.002
Published
2021-11-16
In “Calibre-web” application, v0.6.0 to v0.6.12, are vulnerable to Stored XSS in “Metadata”. An attacker that has access to edit the metadata information, can inject JavaScript payload in the description field. When a victim tries to open the file, XSS will be triggered.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-10-04