Janeczku

janeczku

24 CVEs • 1 product

Products (1)

Calibre Web
calibre-web

CVEs (24)

CVE | VENDORS | PRODUCTS | UPDATED | PUBLISHED | CVSS
Vendors (1): Janeczku | Products (1): Calibre Web | Updated: Nov 21, 2024 | Published: Jan 16, 2022 | CVSS: N/A (v4), 5.4 MEDIUM (v3), 3.5 LOW (v2)
calibre-web is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Vendors (1): Janeczku | Products (1): Calibre Web | Updated: Nov 21, 2024 | Published: Nov 16, 2021 | CVSS: N/A (v4), 8.8 HIGH (v3), 6.8 MEDIUM (v2)
In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site Request Forgery (CSRF). By luring an authenticated user to click on a link, an attacker can create a new user role with admin privileges and attacker-controlled credentials, allowing them to take over the application.

Vendors (1): Janeczku | Products (1): Calibre Web | Updated: Nov 21, 2024 | Published: Oct 4, 2021 | CVSS: N/A (v4), 5.4 MEDIUM (v3), 3.5 LOW (v2)
In the “Calibre-web” application, versions v0.6.0 to v0.6.12 are vulnerable to Stored XSS in “Metadata”. An attacker who has access to edit the metadata information can inject a JavaScript payload in the description field. When a victim tries to open the file, the XSS will be triggered.

Vendors (1): Janeczku | Products (1): Calibre Web | Updated: Nov 21, 2024 | Published: May 4, 2020 | CVSS: N/A (v4), 9.8 CRITICAL (v3), 7.5 HIGH (v2)
Calibre-Web 0.6.6 allows authentication bypass because of the 'A0Zr98j/3yX R~XHH!jmN]LWX/,?RT' hardcoded secret key.