Lucene search
GoogleOSV:CVE-2021-25965HistoryNov 16, 2021 - 10:15 a.m.
CVE-2021-25965
2021-11-1610:15:06
Google
osv.dev
1
In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site Request Forgery (CSRF). By luring an authenticated user to click on a link, an attacker can create a new user role with admin privileges and attacker-controlled credentials, allowing them to take over the application.
| CPE | Name | Operator | Version |
|---|---|---|---|
| calibre-web | eq | 0.6.3 | |
| calibre-web | eq | 0.6.6 | |
| calibre-web | eq | 0.6.7 | |
| calibre-web | eq | 0.6.0 | |
| calibre-web | eq | 0.6.11 | |
| calibre-web | eq | 0.6.4 | |
| calibre-web | eq | 0.6.13 | |
| calibre-web | eq | 0.6.8 | |
| calibre-web | eq | 0.6.10 | |
| calibre-web | eq | 0.6.2 |
Related
cnvd
cnvd
Calibre Cross-Site Request Forgery Vulnerability
2021-11-22 00:00:00
cve
cve
CVE-2021-25965
2021-11-16 10:15:06
prion
prion
Cross site request forgery (csrf)
2021-11-16 10:15:00
cvelist
cvelist
nvd
nvd
CVE-2021-25965
2021-11-16 10:15:06