Calibre-web Project CVE

Filtered by vendor Calibre-web Project Subscriptions

Total 18 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2021-25964	1 Calibre-web Project	1 Calibre-web	2024-09-17	5.4 Medium
In “Calibre-web” application, v0.6.0 to v0.6.12, are vulnerable to Stored XSS in “Metadata”. An attacker that has access to edit the metadata information, can inject JavaScript payload in the description field. When a victim tries to open the file, XSS will be triggered.
CVE-2020-12627	1 Calibre-web Project	1 Calibre-web	2024-08-04	9.8 Critical
Calibre-Web 0.6.6 allows authentication bypass because of the 'A0Zr98j/3yX R~XHH!jmN]LWX/,?RT' hardcoded secret key.
CVE-2021-25965	1 Calibre-web Project	1 Calibre-web	2024-08-03	8.8 High
In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site Request Forgery (CSRF). By luring an authenticated user to click on a link, an attacker can create a new user role with admin privileges and attacker-controlled credentials, allowing them to take over the application.
CVE-2021-4164	1 Calibre-web Project	1 Calibre-web	2024-08-03	8.8 High
calibre-web is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-4171	1 Calibre-web Project	1 Calibre-web	2024-08-03	9.8 Critical
calibre-web is vulnerable to Business Logic Errors
CVE-2021-4170	1 Calibre-web Project	1 Calibre-web	2024-08-03	5.4 Medium
calibre-web is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-30765	1 Calibre-web Project	1 Calibre-web	2024-08-03	9.8 Critical
Calibre-Web before 0.6.18 allows user table SQL Injection.
CVE-2022-2525	1 Calibre-web Project	1 Calibre-web	2024-08-03	9.8 Critical
Improper Restriction of Excessive Authentication Attempts in GitHub repository janeczku/calibre-web prior to 0.6.20.
CVE-2022-0939	1 Calibre-web Project	1 Calibre-web	2024-08-02	9.9 Critical
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18.
CVE-2022-0990	1 Calibre-web Project	1 Calibre-web	2024-08-02	9.1 Critical
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18.
CVE-2022-0766	1 Calibre-web Project	1 Calibre-web	2024-08-02	9.8 Critical
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17.
CVE-2022-0767	1 Calibre-web Project	1 Calibre-web	2024-08-02	9.9 Critical
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17.
CVE-2022-0352	1 Calibre-web Project	1 Calibre-web	2024-08-02	6.1 Medium
Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior to 0.6.16.
CVE-2022-0406	1 Calibre-web Project	1 Calibre-web	2024-08-02	4.3 Medium
Improper Authorization in GitHub repository janeczku/calibre-web prior to 0.6.16.
CVE-2022-0405	1 Calibre-web Project	1 Calibre-web	2024-08-02	4.3 Medium
Improper Access Control in GitHub repository janeczku/calibre-web prior to 0.6.16.
CVE-2022-0273	1 Calibre-web Project	1 Calibre-web	2024-08-02	6.5 Medium
Improper Access Control in Pypi calibreweb prior to 0.6.16.
CVE-2022-0339	1 Calibre-web Project	1 Calibre-web	2024-08-02	9.8 Critical
Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 0.6.16.
CVE-2023-2106	1 Calibre-web Project	1 Calibre-web	2024-08-02	9.8 Critical
Weak Password Requirements in GitHub repository janeczku/calibre-web prior to 0.6.20.

Page 1 of 1.