Lucene search
+L

273 matches found

CNNVD
CNNVD
added 2024/11/15 12:0 a.m.4 views

Calibre-Web 访问控制错误漏洞

Calibre-Web is a web application for browsing, reading, and downloading eBooks from the Calibre database by Jan B, an individual developer. An access control error vulnerability exists in Calibre-Web that stems from the createshelf method in shelf.py not verifying that a user has the required...

5.4CVSS5.3AI score0.00334EPSS
Exploits1References2
Packet Storm
Packet Storm
added 2024/08/26 12:0 a.m.250 views

Calibre Web 0.6.21 Cross Site Scripting

Exploit Title: Stored XSS in Calibre-web Date: 07/05/2024 Exploit Authors: Pentest-Tools.com Catalin Iovita & Alexandru Postolache Vendor Homepage: https://github.com/janeczku/calibre-web/ Version: 0.6.21 - Romesa Tested on: Linux 5.15.0-107, Python 3.10.12, lxml 4.9.4 CVE: CVE-2024-39123...

5.4CVSS7AI score0.22894EPSS
Exploits4
0day.today
0day.today
added 2024/08/24 12:0 a.m.157 views

Calibre-web 0.6.21 - Stored XSS Vulnerability

Exploit Title: Stored XSS in Calibre-web Exploit Authors: Pentest-Tools.com Catalin Iovita & Alexandru Postolache Vendor Homepage: https://github.com/janeczku/calibre-web/ Version: 0.6.21 - Romesa Tested on: Linux 5.15.0-107, Python 3.10.12, lxml 4.9.4 CVE: CVE-2024-39123 Vulnerability Descriptio...

5.4CVSS7.4AI score0.22894EPSS
Exploits4
Exploit DB
Exploit DB
added 2024/08/23 12:0 a.m.316 views

Calibre-web 0.6.21 - Stored XSS

Exploit Title: Stored XSS in Calibre-web Date: 07/05/2024 Exploit Authors: Pentest-Tools.com Catalin Iovita & Alexandru Postolache Vendor Homepage: https://github.com/janeczku/calibre-web/ Version: 0.6.21 - Romesa Tested on: Linux 5.15.0-107, Python 3.10.12, lxml 4.9.4 CVE: CVE-2024-39123...

5.4CVSS7AI score0.22894EPSS
Exploits4
Veracode
Veracode
added 2024/07/22 5:31 a.m.11 views

Cross Site Scripting(XSS)

Calibre-Web is vulnerable to Cross Site Scripting XSS. The vulnerability is due to improper sanitization performed by the cleanstring function, which allows an attacker perform XSS by inserting a payload into the comments field...

5.4CVSS5.6AI score0.22894EPSS
Exploits4References2Affected Software1
Github Security Blog
Github Security Blog
added 2024/07/19 9:31 p.m.24 views

Calibre-Web Cross Site Scripting (XSS)

In janeczku Calibre-Web 0.6.0 to 0.6.21, the editbookcomments function is vulnerable to Cross Site Scripting XSS due to improper sanitization performed by the cleanstring function. The vulnerability arises from the way the cleanstring function handles HTML sanitization...

5.4CVSS5.8AI score0.22894EPSS
Exploits4References3Affected Software1
OSV
OSV
added 2024/07/19 9:31 p.m.33 views

GHSA-J22R-3RF3-CV25 Calibre-Web Cross Site Scripting (XSS)

In janeczku Calibre-Web 0.6.0 to 0.6.21, the editbookcomments function is vulnerable to Cross Site Scripting XSS due to improper sanitization performed by the cleanstring function. The vulnerability arises from the way the cleanstring function handles HTML sanitization...

5.4CVSS5.1AI score0.22894EPSS
Exploits4References3
NVD
NVD
added 2024/07/19 8:15 p.m.33 views

CVE-2024-39123

In janeczku Calibre-Web 0.6.0 to 0.6.21, the editbookcomments function is vulnerable to Cross Site Scripting XSS due to improper sanitization performed by the cleanstring function. The vulnerability arises from the way the cleanstring function handles HTML sanitization...

5.4CVSS0.22894EPSS
Exploits4References1
Vulnrichment
Vulnrichment
added 2024/07/19 12:0 a.m.11 views

CVE-2024-39123

In janeczku Calibre-Web 0.6.0 to 0.6.21, the editbookcomments function is vulnerable to Cross Site Scripting XSS due to improper sanitization performed by the cleanstring function. The vulnerability arises from the way the cleanstring function handles HTML sanitization...

5.8AI score0.22894EPSS
Exploits4References1
Cvelist
Cvelist
added 2024/07/19 12:0 a.m.39 views

CVE-2024-39123

In janeczku Calibre-Web 0.6.0 to 0.6.21, the editbookcomments function is vulnerable to Cross Site Scripting XSS due to improper sanitization performed by the cleanstring function. The vulnerability arises from the way the cleanstring function handles HTML sanitization...

0.22894EPSS
Exploits4References1
CVE
CVE
added 2024/07/19 12:0 a.m.64 views

CVE-2024-39123

Calibre-Web 0.6.0–0.6.21 is vulnerable to Cross-Site Scripting (XSS) due to improper HTML sanitization in the clean_string function, exploitable via the edit_book_comments feature. Reports from Red Hat and OSV/OSV-GHSA entries corroborate the same root cause: inadequate sanitization leading to XS...

5.4CVSS5.9AI score0.22894EPSS
Exploits4References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/07/19 12:0 a.m.8 views

PT-2024-28353

Name of the Vulnerable Software and Affected Versions janeczku Calibre-Web versions 0.6.0 through 0.6.21 Description The issue arises from improper sanitization performed by the clean string function, specifically in the way it handles HTML sanitization, making the edit book comments function...

5.4CVSS6.1AI score0.22894EPSS
Exploits4References12
OSV
OSV
added 2024/07/19 12:0 a.m.7 views

CVE-2024-39123

In janeczku Calibre-Web 0.6.0 to 0.6.21, the editbookcomments function is vulnerable to Cross Site Scripting XSS due to improper sanitization performed by the cleanstring function. The vulnerability arises from the way the cleanstring function handles HTML sanitization...

5.4CVSS5.1AI score0.22894EPSS
Exploits4References3
Huntr
Huntr
added 2023/04/22 4:19 p.m.10 views

SMTP server credentials are returned

Description The vulnerability discovered in the Calibre-Web application is a security flaw in the management of email configurations that allows the SMTP server credentials to be viewed by an account with editing permission. This could allow a malicious user with access to the administrative...

6.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2023/04/15 3:30 p.m.34 views

Improper Restriction of Excessive Authentication Attempts in calibreweb

Improper Restriction of Excessive Authentication Attempts in GitHub repository janeczku/calibre-web prior to 0.6.20...

9.8CVSS9.3AI score0.00762EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2023/04/15 1:15 p.m.31 views

CVE-2022-2525

Improper Restriction of Excessive Authentication Attempts in GitHub repository janeczku/calibre-web prior to 0.6.20...

9.8CVSS7.8AI score0.00762EPSS
Exploits1References2
Prion
Prion
added 2023/04/15 1:15 p.m.12 views

Input validation

Improper Restriction of Excessive Authentication Attempts in GitHub repository janeczku/calibre-web prior to 0.6.20...

7.5CVSS9.6AI score0.00762EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/04/15 12:0 a.m.2 views

PT-2023-12780

Name of the Vulnerable Software and Affected Versions calibre-web versions prior to 0.6.20 Description The issue is related to improper restriction of excessive authentication attempts in the GitHub repository janeczku/calibre-web. Recommendations For versions prior to 0.6.20, update to version...

9.8CVSS7.1AI score0.00762EPSS
Exploits1References13
CNNVD
CNNVD
added 2023/04/15 12:0 a.m.6 views

Calibre-Web 安全漏洞

Calibre-Web is a web application for browsing, reading and downloading eBooks from the Calibre database. A security vulnerability exists in Calibre-Web versions prior to 0.6.20, which stems from an improper restriction on excessive authentication attempts...

9.8CVSS7.6AI score0.00762EPSS
Exploits1References3
Cvelist
Cvelist
added 2023/04/15 12:0 a.m.42 views

CVE-2023-2106 Weak Password Requirements in janeczku/calibre-web

Weak Password Requirements in GitHub repository janeczku/calibre-web prior to 0.6.20...

7.3CVSS9.8AI score0.00742EPSS
Exploits1References2
Rows per page
Query Builder