3 matches found
Cross-site Scripting (XSS)
calibreweb is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to insufficient sanitization of user input in the editbooks.js file when editing book properties, such as uploading a cover or format. This allows attackers to execute arbitrary JavaScript code...
Sensitive Information Exposure
calibreweb is vulnerable to Sensitive Information Exposure. The vulnerability is due to improper error handling, exposing the names of private shelves in error messages when unauthorized users attempt to remove a book from a shelf they do not own...
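The pattern behind this entry is an authorization failure whose error text names the resource the caller was denied. The following is an added illustration, not calibreweb's own code: a leaky shelf-removal routine beside a hardened one that returns the same generic message for "no such shelf" and "not your shelf" and keeps the detail in the server log. The Shelf records, user names and the ownership rule (only the owner may edit) are assumptions constructed for the example.

```python
# Added example, not calibreweb's own code.  Shelf records, user names and the
# rule "only the owner may edit a shelf" are constructed assumptions.
import logging
from dataclasses import dataclass, field

log = logging.getLogger("shelf")

# One message for every failure case, and it never carries a shelf name.
GENERIC_DENIED = "Shelf not found or not accessible"


@dataclass
class Shelf:
    id: int
    name: str
    owner: str
    books: set = field(default_factory=set)


# Constructed sample data, standing in for the shelves table.
SHELVES = {
    1: Shelf(1, "alice private wishlist", "alice", {10, 11}),
    2: Shelf(2, "alice to-read", "alice", {12}),
}


def remove_book_leaky(user, shelf_id, book_id):
    """Leaky pattern: 'missing' and 'forbidden' get different messages, and the
    forbidden message quotes the shelf's name, so any logged-in user can walk
    through shelf ids and harvest the names of other users' private shelves."""
    shelf = SHELVES.get(shelf_id)
    if shelf is None:
        return False, f"no shelf with id {shelf_id}"
    if shelf.owner != user:
        return False, f"shelf '{shelf.name}' is not owned by you"  # leaks the name
    shelf.books.discard(book_id)
    return True, "removed"


def remove_book_safe(user, shelf_id, book_id):
    """Hardened: the existence check and the ownership check collapse into one
    generic denial; the specifics go to the server log, which the caller
    cannot read."""
    shelf = SHELVES.get(shelf_id)
    if shelf is None or shelf.owner != user:
        log.warning("user %r denied remove_book on shelf %r", user, shelf_id)
        return False, GENERIC_DENIED
    shelf.books.discard(book_id)
    return True, "removed"


if __name__ == "__main__":
    print(remove_book_leaky("bob", 1, 10))   # message reveals the private shelf name
    print(remove_book_safe("bob", 1, 10))    # generic denial
    print(remove_book_safe("bob", 999, 10))  # indistinguishable from the line above
```

The point of the hardened version is that the two failure paths are indistinguishable to the client; returning a 404 for both is equally fine, as long as the body does not vary with the shelf's existence or name.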
Server-Side Request Forgery (SSRF)
calibreweb is vulnerable to Server-Side Request Forgery. The vulnerability exists in the deleteuser function of admin.py due to a lack of validation, which allows an attacker to make the server fetch a localhost URL and upload a book cover...
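The check missing here is that a user-supplied URL the server will fetch points at a public host rather than at the server itself or its network neighbours. The following is an added example, not calibreweb's own code: a validator that parses the URL, resolves the host, and refuses loopback, link-local, private and other non-routable destinations, including IPv4-mapped IPv6 literals such as ::ffff:127.0.0.1 that a naive loopback check misses. The function names, the offline lookup table and the sample URLs are assumptions made for this illustration; the real resolver path uses socket.getaddrinfo.

```python
# Added example, not calibreweb's own code: validate a user-supplied cover URL
# before the server fetches it.  Function names, the FAKE_DNS table and the
# sample URLs are assumptions constructed for this illustration.
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def is_public_address(ip):
    """True only for a globally routable unicast address."""
    # An IPv4-mapped IPv6 literal (::ffff:127.0.0.1) must be judged as the
    # IPv4 address it wraps, otherwise loopback slips through the IPv6 checks.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def resolve_host(host):
    """Real DNS: every address the name maps to (A and AAAA)."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return [ipaddress.ip_address(info[4][0]) for info in infos]


# Constructed lookup table so the example runs offline; a deployment passes
# resolve_host (the default) instead of fake_resolve.
FAKE_DNS = {
    "localhost": ["127.0.0.1"],
    "covers.example.org": ["93.184.216.34"],
    "metadata.internal": ["169.254.169.254"],
}


def fake_resolve(host):
    if host not in FAKE_DNS:
        raise socket.gaierror(f"no such host: {host}")
    return [ipaddress.ip_address(a) for a in FAKE_DNS[host]]


def validate_cover_url(url, resolver=resolve_host):
    """Return (ok, reason); ok is True only for http(s) URLs whose host
    resolves exclusively to public addresses."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    host = parts.hostname  # lower-cased, brackets stripped from IPv6 literals
    if not host:
        return False, "missing host"
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL not allowed"
    try:
        addresses = [ipaddress.ip_address(host)]  # literal IPv4/IPv6
    except ValueError:
        try:
            addresses = resolver(host)
        except OSError:  # socket.gaierror is a subclass of OSError
            return False, "hostname does not resolve"
        if not addresses:
            return False, "hostname does not resolve"
    # Every address must be public: a name with one public and one internal
    # record is still an SSRF vector, so a single bad answer rejects the URL.
    for ip in addresses:
        if not is_public_address(ip):
            return False, f"destination {ip} is not a public address"
    return True, "ok"


if __name__ == "__main__":
    for candidate in ("https://covers.example.org/book.jpg",
                      "http://127.0.0.1:8083/admin",
                      "http://localhost/cover.jpg",
                      "http://[::ffff:127.0.0.1]/",
                      "http://metadata.internal/latest/meta-data/",
                      "file:///etc/passwd"):
        print(candidate, validate_cover_url(candidate, resolver=fake_resolve))
```

Two caveats apply to any validator of this shape. It checks the name at validation time, so a DNS answer that changes between the check and the connection (rebinding) or an HTTP redirect to an internal address bypasses it; the fetch should therefore follow no redirects (or re-run the check on every hop) and should connect to the address that was validated rather than resolving again. The validator also deliberately refuses a hostname that resolves to a mix of public and internal addresses rather than accepting the public one.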