273 matches found
Calibre-Web 访问控制错误漏洞
Calibre-Web is a web application for browsing, reading, and downloading eBooks from the Calibre database by Jan B, an individual developer. An access control error vulnerability exists in Calibre-Web that stems from the createshelf method in shelf.py not verifying that a user has the required...
Calibre Web 0.6.21 Cross Site Scripting
Exploit Title: Stored XSS in Calibre-web Date: 07/05/2024 Exploit Authors: Pentest-Tools.com Catalin Iovita & Alexandru Postolache Vendor Homepage: https://github.com/janeczku/calibre-web/ Version: 0.6.21 - Romesa Tested on: Linux 5.15.0-107, Python 3.10.12, lxml 4.9.4 CVE: CVE-2024-39123...
Calibre-web 0.6.21 - Stored XSS Vulnerability
Exploit Title: Stored XSS in Calibre-web Exploit Authors: Pentest-Tools.com Catalin Iovita & Alexandru Postolache Vendor Homepage: https://github.com/janeczku/calibre-web/ Version: 0.6.21 - Romesa Tested on: Linux 5.15.0-107, Python 3.10.12, lxml 4.9.4 CVE: CVE-2024-39123 Vulnerability Descriptio...
Calibre-web 0.6.21 - Stored XSS
Exploit Title: Stored XSS in Calibre-web Date: 07/05/2024 Exploit Authors: Pentest-Tools.com Catalin Iovita & Alexandru Postolache Vendor Homepage: https://github.com/janeczku/calibre-web/ Version: 0.6.21 - Romesa Tested on: Linux 5.15.0-107, Python 3.10.12, lxml 4.9.4 CVE: CVE-2024-39123...
Cross Site Scripting(XSS)
Calibre-Web is vulnerable to Cross Site Scripting XSS. The vulnerability is due to improper sanitization performed by the cleanstring function, which allows an attacker perform XSS by inserting a payload into the comments field...
Calibre-Web Cross Site Scripting (XSS)
In janeczku Calibre-Web 0.6.0 to 0.6.21, the editbookcomments function is vulnerable to Cross Site Scripting XSS due to improper sanitization performed by the cleanstring function. The vulnerability arises from the way the cleanstring function handles HTML sanitization...
GHSA-J22R-3RF3-CV25 Calibre-Web Cross Site Scripting (XSS)
In janeczku Calibre-Web 0.6.0 to 0.6.21, the editbookcomments function is vulnerable to Cross Site Scripting XSS due to improper sanitization performed by the cleanstring function. The vulnerability arises from the way the cleanstring function handles HTML sanitization...
CVE-2024-39123
In janeczku Calibre-Web 0.6.0 to 0.6.21, the editbookcomments function is vulnerable to Cross Site Scripting XSS due to improper sanitization performed by the cleanstring function. The vulnerability arises from the way the cleanstring function handles HTML sanitization...
CVE-2024-39123
In janeczku Calibre-Web 0.6.0 to 0.6.21, the editbookcomments function is vulnerable to Cross Site Scripting XSS due to improper sanitization performed by the cleanstring function. The vulnerability arises from the way the cleanstring function handles HTML sanitization...
CVE-2024-39123
In janeczku Calibre-Web 0.6.0 to 0.6.21, the editbookcomments function is vulnerable to Cross Site Scripting XSS due to improper sanitization performed by the cleanstring function. The vulnerability arises from the way the cleanstring function handles HTML sanitization...
CVE-2024-39123
Calibre-Web 0.6.0–0.6.21 is vulnerable to Cross-Site Scripting (XSS) due to improper HTML sanitization in the clean_string function, exploitable via the edit_book_comments feature. Reports from Red Hat and OSV/OSV-GHSA entries corroborate the same root cause: inadequate sanitization leading to XS...
PT-2024-28353
Name of the Vulnerable Software and Affected Versions janeczku Calibre-Web versions 0.6.0 through 0.6.21 Description The issue arises from improper sanitization performed by the clean string function, specifically in the way it handles HTML sanitization, making the edit book comments function...
CVE-2024-39123
In janeczku Calibre-Web 0.6.0 to 0.6.21, the editbookcomments function is vulnerable to Cross Site Scripting XSS due to improper sanitization performed by the cleanstring function. The vulnerability arises from the way the cleanstring function handles HTML sanitization...
SMTP server credentials are returned
Description The vulnerability discovered in the Calibre-Web application is a security flaw in the management of email configurations that allows the SMTP server credentials to be viewed by an account with editing permission. This could allow a malicious user with access to the administrative...
Improper Restriction of Excessive Authentication Attempts in calibreweb
Improper Restriction of Excessive Authentication Attempts in GitHub repository janeczku/calibre-web prior to 0.6.20...
CVE-2022-2525
Improper Restriction of Excessive Authentication Attempts in GitHub repository janeczku/calibre-web prior to 0.6.20...
Input validation
Improper Restriction of Excessive Authentication Attempts in GitHub repository janeczku/calibre-web prior to 0.6.20...
PT-2023-12780
Name of the Vulnerable Software and Affected Versions calibre-web versions prior to 0.6.20 Description The issue is related to improper restriction of excessive authentication attempts in the GitHub repository janeczku/calibre-web. Recommendations For versions prior to 0.6.20, update to version...
Calibre-Web 安全漏洞
Calibre-Web is a web application for browsing, reading and downloading eBooks from the Calibre database. A security vulnerability exists in Calibre-Web versions prior to 0.6.20, which stems from an improper restriction on excessive authentication attempts...
CVE-2023-2106 Weak Password Requirements in janeczku/calibre-web
Weak Password Requirements in GitHub repository janeczku/calibre-web prior to 0.6.20...