Filtered by vendor Calibre-web Project
Filtered by product Calibre-web
Total: 18 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2021-25964 | 1 Calibre-web Project | 1 Calibre-web | 2024-09-17 | 5.4 Medium | In “Calibre-web” application, v0.6.0 to v0.6.12, are vulnerable to Stored XSS in “Metadata”. An attacker that has access to edit the metadata information, can inject JavaScript payload in the description field. When a victim tries to open the file, XSS will be triggered. |
CVE-2020-12627 | 1 Calibre-web Project | 1 Calibre-web | 2024-08-04 | 9.8 Critical | Calibre-Web 0.6.6 allows authentication bypass because of the 'A0Zr98j/3yX R~XHH!jmN]LWX/,?RT' hardcoded secret key. |
CVE-2021-25965 | 1 Calibre-web Project | 1 Calibre-web | 2024-08-03 | 8.8 High | In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site Request Forgery (CSRF). By luring an authenticated user to click on a link, an attacker can create a new user role with admin privileges and attacker-controlled credentials, allowing them to take over the application. |
CVE-2021-4164 | 1 Calibre-web Project | 1 Calibre-web | 2024-08-03 | 8.8 High | calibre-web is vulnerable to Cross-Site Request Forgery (CSRF) |
CVE-2021-4171 | 1 Calibre-web Project | 1 Calibre-web | 2024-08-03 | 9.8 Critical | calibre-web is vulnerable to Business Logic Errors |
CVE-2021-4170 | 1 Calibre-web Project | 1 Calibre-web | 2024-08-03 | 5.4 Medium | calibre-web is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
CVE-2022-30765 | 1 Calibre-web Project | 1 Calibre-web | 2024-08-03 | 9.8 Critical | Calibre-Web before 0.6.18 allows user table SQL Injection. |
CVE-2022-2525 | 1 Calibre-web Project | 1 Calibre-web | 2024-08-03 | 9.8 Critical | Improper Restriction of Excessive Authentication Attempts in GitHub repository janeczku/calibre-web prior to 0.6.20. |
CVE-2022-0939 | 1 Calibre-web Project | 1 Calibre-web | 2024-08-02 | 9.9 Critical | Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18. |
CVE-2022-0990 | 1 Calibre-web Project | 1 Calibre-web | 2024-08-02 | 9.1 Critical | Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18. |
CVE-2022-0766 | 1 Calibre-web Project | 1 Calibre-web | 2024-08-02 | 9.8 Critical | Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17. |
CVE-2022-0767 | 1 Calibre-web Project | 1 Calibre-web | 2024-08-02 | 9.9 Critical | Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17. |
CVE-2022-0352 | 1 Calibre-web Project | 1 Calibre-web | 2024-08-02 | 6.1 Medium | Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior to 0.6.16. |
CVE-2022-0406 | 1 Calibre-web Project | 1 Calibre-web | 2024-08-02 | 4.3 Medium | Improper Authorization in GitHub repository janeczku/calibre-web prior to 0.6.16. |
CVE-2022-0405 | 1 Calibre-web Project | 1 Calibre-web | 2024-08-02 | 4.3 Medium | Improper Access Control in GitHub repository janeczku/calibre-web prior to 0.6.16. |
CVE-2022-0273 | 1 Calibre-web Project | 1 Calibre-web | 2024-08-02 | 6.5 Medium | Improper Access Control in Pypi calibreweb prior to 0.6.16. |
CVE-2022-0339 | 1 Calibre-web Project | 1 Calibre-web | 2024-08-02 | 9.8 Critical | Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 0.6.16. |
CVE-2023-2106 | 1 Calibre-web Project | 1 Calibre-web | 2024-08-02 | 9.8 Critical | Weak Password Requirements in GitHub repository janeczku/calibre-web prior to 0.6.20. |