Janeczku Calibre-Web 0.6.18 Security Vulnerabilities
In janeczku Calibre-Web 0.6.0 to 0.6.21, the edit_book_comments function is vulnerable to Cross Site Scripting (XSS) due to improper sanitization performed by the clean_string function. The vulnerability arises from the way the clean_string function handles HTML sanitization.
CVSS Score: 5.4
EPSS Score: 0.009
Published: 2024-07-19
Weak Password Requirements in GitHub repository janeczku/calibre-web prior to 0.6.20.
CVSS Score: 7.3
EPSS Score: 0.001
Published: 2023-04-15
Improper Restriction of Excessive Authentication Attempts in GitHub repository janeczku/calibre-web prior to 0.6.20.
CVSS Score: 7.3
EPSS Score: 0.001
Published: 2023-04-15
Calibre-Web before 0.6.18 allows user table SQL Injection.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2022-05-16

