5 matches found
Cross-site Scripting (XSS)
Overview: calibreweb is a Web app for browsing, reading and downloading eBooks stored in a Calibre database. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the username field during user creation. An attacker can execute arbitrary JavaScript code in the context of...
GHSA-PC5G-J9J7-P4Q3 Calibre-Web Has a Stored Cross-Site Scripting (XSS) Vulnerability via the 'username' Field During User Creation
A Stored Cross-Site Scripting (XSS) vulnerability in Calibre-Web v0.6.25 allows attackers to inject malicious JavaScript into the 'username' field during user creation. The payload is stored unsanitized and later executed when the /ajax/listusers endpoint is accessed...
CVE-2025-65858
A Stored Cross-Site Scripting (XSS) vulnerability in Calibre-Web v0.6.25 allows attackers to inject malicious JavaScript into the 'username' field during user creation. The payload is stored unsanitized and later executed when the /ajax/listusers endpoint is accessed...
CVE-2025-65858
Calibre-Web has a Stored XSS in the username field during user creation (v0.6.25). The payload is stored unsanitized and later executed when /ajax/listusers is accessed. Affected component: Calibre-Web web app; root cause is lack of input sanitization for the username field, enabling injected Jav...
PT-2025-48688
Name of the Vulnerable Software and Affected Versions: Calibre-Web version 0.6.25. Description: A Stored Cross-Site Scripting (XSS) issue exists in Calibre-Web. An attacker can inject malicious JavaScript into the username field during user creation. The injected payload is stored without proper...