Janeczku: Security Vulnerabilities
In “Calibre-web” application, v0.6.0 to v0.6.12, are vulnerable to Stored XSS in “Metadata”. An attacker that has access to edit the metadata information, can inject JavaScript payload in the description field. When a victim tries to open the file, XSS will be triggered.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-10-04
Calibre-Web 0.6.6 allows authentication bypass because of the 'A0Zr98j/3yX R~XHH!jmN]LWX/,?RT' hardcoded secret key.
CVSS Score
9.8
EPSS Score
0.004
Published
2020-05-04
Page 3