Janeczku Calibre-Web 0.6.15 Security Vulnerabilities
In janeczku Calibre-Web 0.6.0 to 0.6.21, the edit_book_comments function is vulnerable to Cross Site Scripting (XSS) due to improper sanitization performed by the clean_string function. The vulnerability arises from the way the clean_string function handles HTML sanitization.
CVSS Score: 5.4 | EPSS Score: 0.009 | Published: 2024-07-19

Weak Password Requirements in GitHub repository janeczku/calibre-web prior to 0.6.20.
CVSS Score: 7.3 | EPSS Score: 0.001 | Published: 2023-04-15

Improper Restriction of Excessive Authentication Attempts in GitHub repository janeczku/calibre-web prior to 0.6.20.
CVSS Score: 7.3 | EPSS Score: 0.001 | Published: 2023-04-15

Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18.
CVSS Score: 9.3 | EPSS Score: 0.003 | Published: 2022-04-04

Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18.
CVSS Score: 9.0 | EPSS Score: 0.002 | Published: 2022-04-04

Improper Access Control in GitHub repository janeczku/calibre-web prior to 0.6.16.
CVSS Score: 4.3 | EPSS Score: 0.001 | Published: 2022-04-03

Improper Authorization in GitHub repository janeczku/calibre-web prior to 0.6.16.
CVSS Score: 4.3 | EPSS Score: 0.001 | Published: 2022-04-03

Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17.
CVSS Score: 6.5 | EPSS Score: 0.003 | Published: 2022-03-07

Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17.
CVSS Score: 9.1 | EPSS Score: 0.002 | Published: 2022-03-07

Improper Access Control in Pypi calibreweb prior to 0.6.16.
CVSS Score: 4.3 | EPSS Score: 0.001 | Published: 2022-01-30

