Cross-site Scripting (XSS) - Reflected in janeczku/calibre-web

huntr report A577FF17-2DED-4C41-84AE-6AC02440F717
Reported by alicaz on 2022-01-17 03:03:44 (www.huntr.dev)

EPSS: 0.001 (Low), percentile 30.1%

Description

There is a reflected XSS vulnerability in the calibre-web application.

Proof of Concept

1. Go to the calibre e-book management page.
2. Create a new book and give it the title <script src=1 href=1 onerror="javascript:alert(300)"></script>
3. Give it the title sort name <script src=1 href=1 onerror="javascript:alert(300)"></script>
4. Save and go to the website.
5. Go to Author.
6. Press one of the books.
7. Then right click and press "Inspect element".
8. Then press Author/stored.

Video POC: https://drive.google.com/file/d/1umL5Vk5ezXxIA3nm43fPWl-FiD0Uy77z/view?usp=sharing
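The steps above save the payload in a book's title and title sort fields, and it runs when that metadata is rendered. As an added example, not calibre-web's own code, the following Python shows the output-side fix (escaping every metadata value before it is placed in HTML) together with a heuristic scan over stored metadata that flags rows already carrying markup. The field names, row layout and HTML fragment are assumptions made for the example.

```python
import html
import re

# Payload quoted in the report above, reproduced verbatim.
REPORT_PAYLOAD = '<script src=1 href=1 onerror="javascript:alert(300)"></script>'

# Constructed sample rows standing in for stored book metadata (hypothetical schema).
SAMPLE_ROWS = [
    {"id": 1, "title": "Dune", "title_sort": "Dune"},
    {"id": 2, "title": REPORT_PAYLOAD, "title_sort": REPORT_PAYLOAD},
    {"id": 3, "title": "Tom & Jerry", "title_sort": "Tom & Jerry"},
]

# Heuristic: a tag opener or an inline event-handler attribute inside a
# plain-text field is a sign that markup slipped into stored metadata.
# This is a detection aid only; the real defence is escaping on output.
_MARKUP_RE = re.compile(r"<[/a-zA-Z]|\bon[a-z]+\s*=", re.IGNORECASE)


def render_book_card(title: str, title_sort: str) -> str:
    """Render one book entry as an HTML fragment with every value escaped.

    html.escape(quote=True) also rewrites quotes, so the value is safe inside
    an attribute value (data-sort) as well as in a text node (the span)."""
    t = html.escape(title, quote=True)
    ts = html.escape(title_sort, quote=True)
    return f'<div class="book" data-sort="{ts}"><span class="title">{t}</span></div>'


def scan_metadata(records):
    """Return (id, field) pairs for stored title/title_sort values that look
    like markup, so an administrator can review rows written before the fix."""
    hits = []
    for rec in records:
        for field in ("title", "title_sort"):
            if _MARKUP_RE.search(rec.get(field, "")):
                hits.append((rec["id"], field))
    return hits


if __name__ == "__main__":
    print(render_book_card(REPORT_PAYLOAD, REPORT_PAYLOAD))
    print(scan_metadata(SAMPLE_ROWS))
```

Row 3 shows that a legitimate ampersand is escaped on output without being flagged by the scan, which only reacts to tags and event-handler attributes.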

Impact

Reflected XSS allows attackers to misguide visitors of a website, steal cookies, and send arbitrary requests.
