64 matches found
EUVD-2024-3244
Malicious code in bioql PyPI...
CVE-2023-2106
Weak Password Requirements in GitHub repository janeczku/calibre-web prior to 0.6.20...
CVE-2021-3988
A cross-site scripting (XSS) vulnerability exists in janeczku/calibre-web, specifically in the file editbooks.js. The vulnerability occurs when editing book properties, such as uploading a cover or a format. The affected code directly inserts user input into the DOM without proper sanitization,...
GHSA-R735-9GC6-2HVQ Cross-site Scripting (XSS) - DOM in janeczku/calibre-web
A cross-site scripting (XSS) vulnerability exists in janeczku/calibre-web, specifically in the file editbooks.js. The vulnerability occurs when editing book properties, such as uploading a cover or a format. The affected code directly inserts user input into the DOM without proper sanitization,...
GHSA-M982-H4F8-G4HF Generation of Error Message Containing Sensitive Information in janeczku/calibre-web
A vulnerability in janeczku/calibre-web allows unauthorized users to view the names of private shelves belonging to other users. This issue occurs in the file shelf.py at line 221, where the name of the shelf is exposed in an error message when a user attempts to remove a book from a shelf they d...
GHSA-FJ5V-W2JP-WQVJ Improper Access Control in janeczku/calibre-web
An improper access control vulnerability exists in janeczku/calibre-web. The affected version allows users without public shelf permissions to create public shelves. The vulnerability is due to the createshelf method in shelf.py not verifying if the user has the necessary permissions to create a...
CVE-2021-3987
An improper access control vulnerability exists in janeczku/calibre-web. The affected version allows users without public shelf permissions to create public shelves. The vulnerability is due to the createshelf method in shelf.py not verifying if the user has the necessary permissions to create a...
CVE-2021-3986
A vulnerability in janeczku/calibre-web allows unauthorized users to view the names of private shelves belonging to other users. This issue occurs in the file shelf.py at line 221, where the name of the shelf is exposed in an error message when a user attempts to remove a book from a shelf they d...
CVE-2021-3988
CVE-2021-3988 affects janeczku/calibre-web. The XSS occurs in edit_books.js when editing book properties (e.g., uploading a cover/format) via the #btn-upload-cover handler, where user input is inserted into the DOM without sanitization. This can permit arbitrary JavaScript execution and cookie th...
CVE-2021-3988 Cross-site Scripting (XSS) in janeczku/calibre-web
A cross-site scripting (XSS) vulnerability exists in janeczku/calibre-web, specifically in the file editbooks.js. The vulnerability occurs when editing book properties, such as uploading a cover or a format. The affected code directly inserts user input into the DOM without proper sanitization,...
CVE-2021-3987 Improper Access Control in janeczku/calibre-web
An improper access control vulnerability exists in janeczku/calibre-web. The affected version allows users without public shelf permissions to create public shelves. The vulnerability is due to the createshelf method in shelf.py not verifying if the user has the necessary permissions to create a...
CVE-2021-3987
CVE-2021-3987 (janeczku/calibre-web) is an improper access control flaw where the public shelf creation path (shelf.py: create_shelf) does not verify user permissions, allowing low-privilege users to create public shelves and perform unauthorized actions. Public disclosures in multiple feeds corr...
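The two shelf.py issues listed above (the missing permission check on public shelf creation in CVE-2021-3987, and the shelf name echoed in an error message when a user tries to remove a book from a shelf they do not own in CVE-2021-3986) reduced to a runnable model, with each vulnerable handler beside a hardened one. This is an added example, not calibre-web's own code: the User and Shelf types, the ROLE_PUBLIC_SHELF bit, the ownership rule in _may_modify, the in-memory dict standing in for the database and the error strings are all assumptions for illustration.

```python
from dataclasses import dataclass, field

# Assumed permission bit for "may create / edit public shelves". calibre-web has
# its own role constants; this value exists only for the example.
ROLE_PUBLIC_SHELF = 0x01


@dataclass
class User:
    id: int
    role: int = 0

    def can_edit_public_shelves(self) -> bool:
        return bool(self.role & ROLE_PUBLIC_SHELF)


@dataclass
class Shelf:
    id: int
    name: str
    owner_id: int
    is_public: bool
    books: set = field(default_factory=set)


class Forbidden(Exception):
    """Raised where a web handler would answer 403 with str(exc) as the body."""


def _new_id(db: dict) -> int:
    return max(db, default=0) + 1


def create_shelf_vulnerable(db, user, name, is_public):
    # CVE-2021-3987 pattern: the public flag is taken from the request as-is,
    # so any authenticated user can publish a shelf to everyone.
    shelf = Shelf(_new_id(db), name, user.id, is_public)
    db[shelf.id] = shelf
    return shelf


def create_shelf_fixed(db, user, name, is_public):
    # Authorise before touching state: the flag is only honoured for users
    # who actually hold the permission.
    if is_public and not user.can_edit_public_shelves():
        raise Forbidden("Sorry you are not allowed to create a public shelf")
    shelf = Shelf(_new_id(db), name, user.id, is_public)
    db[shelf.id] = shelf
    return shelf


def _may_modify(shelf, user) -> bool:
    # Assumed rule: owners edit their own shelves; public shelves additionally
    # accept users holding the public-shelf permission.
    return shelf.owner_id == user.id or (shelf.is_public and user.can_edit_public_shelves())


def remove_book_vulnerable(db, user, shelf_id, book_id):
    shelf = db.get(shelf_id)
    if shelf is None:
        raise Forbidden("Shelf not found")  # distinct message: an existence oracle
    if not _may_modify(shelf, user):
        # CVE-2021-3986 pattern: the private shelf's name is echoed back to a
        # user who is not allowed to see it. Message text is constructed here.
        raise Forbidden(f"Sorry you are not allowed to remove a book from shelf: {shelf.name}")
    shelf.books.discard(book_id)


GENERIC_DENIAL = "Sorry you are not allowed to remove a book from this shelf"


def remove_book_fixed(db, user, shelf_id, book_id):
    shelf = db.get(shelf_id)
    # One message for "no such shelf" and "not yours": nothing about the
    # shelf, not even whether it exists, is derivable from the response.
    if shelf is None or not _may_modify(shelf, user):
        raise Forbidden(GENERIC_DENIAL)
    shelf.books.discard(book_id)


def denial_message(handler, *args) -> str:
    """Return the error text a caller would see, or '' if the call succeeded."""
    try:
        handler(*args)
    except Forbidden as exc:
        return str(exc)
    return ""


def demo():
    """Constructed scenario: an unprivileged user probes another user's private shelf."""
    db = {}
    owner = User(id=1, role=ROLE_PUBLIC_SHELF)
    lowpriv = User(id=2, role=0)
    private = create_shelf_fixed(db, owner, "Unreleased manuscripts", False)
    private.books.add(42)
    return {
        "vuln_public_created": create_shelf_vulnerable(db, lowpriv, "Leak", True).is_public,
        "fixed_public_denied": denial_message(create_shelf_fixed, db, lowpriv, "Leak", True),
        "vuln_remove_msg": denial_message(remove_book_vulnerable, db, lowpriv, private.id, 42),
        "fixed_remove_msg": denial_message(remove_book_fixed, db, lowpriv, private.id, 42),
        "fixed_missing_msg": denial_message(remove_book_fixed, db, lowpriv, 999, 42),
        "book_still_on_shelf": 42 in private.books,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The hardened removal handler deliberately collapses "shelf does not exist" and "shelf belongs to someone else" into one response: returning different messages would still let a low-privilege user enumerate which shelf IDs exist, even after the name is no longer echoed.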