Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
JaneczkuCalibre-web

3 matches found

CVE
CVEadded 2024/11/15 11:15 a.m.36 views

CVE-2021-3987

An improper access control vulnerability exists in janeczku/calibre-web. The affected version allows users without public shelf permissions to create public shelves. The vulnerability is due to the create_shelf method in shelf.py not verifying if the user has the necessary permissions to create a p...

5.4CVSS4.7AI score0.00046EPSS
CVE
CVEadded 2024/07/19 8:15 p.m.33 views

CVE-2024-39123

In janeczku Calibre-Web 0.6.0 to 0.6.21, the edit_book_comments function is vulnerable to Cross Site Scripting (XSS) due to improper sanitization performed by the clean_string function. The vulnerability arises from the way the clean_string function handles HTML sanitization.

5.4CVSS5.9AI score0.00924EPSS
CVE
CVEadded 2021/10/04 3:15 p.m.25 views

CVE-2021-25964

In “Calibre-web” application, v0.6.0 to v0.6.12, are vulnerable to Stored XSS in “Metadata”. An attacker that has access to edit the metadata information, can inject JavaScript payload in the description field. When a victim tries to open the file, XSS will be triggered.

5.4CVSS5.2AI score0.00206EPSS