2 matches found
CVE-2021-25964 Stored Cross-Site Scripting (XSS) in Calibre-web via Description Field in Metadata
In “Calibre-web” application, v0.6.0 to v0.6.12, are vulnerable to Stored XSS in “Metadata”. An attacker that has access to edit the metadata information, can inject JavaScript payload in the description field. When a victim tries to open the file, XSS will be triggered...
CVE-2021-25964
CVE-2021-25964 affects Calibre-web versions 0.6.0–0.6.12. A stored XSS vulnerability exists in the Metadata description field; an attacker with permission to edit metadata can inject JavaScript, which is triggered when a victim opens the file. This is the documented impact in multiple connected s...