Show filters
21 Total Results
Displaying 11-20 of 21
Sort by:
Attacker Value
Unknown

CVE-2022-0767

Disclosure Date: March 07, 2022 (last updated November 20, 2024)
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-0766

Disclosure Date: March 07, 2022 (last updated November 20, 2024)
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-0339

Disclosure Date: January 30, 2022 (last updated November 20, 2024)
Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 0.6.16.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-0273

Disclosure Date: January 30, 2022 (last updated November 20, 2024)
Improper Access Control in Pypi calibreweb prior to 0.6.16.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-0352

Disclosure Date: January 28, 2022 (last updated November 20, 2024)
Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior to 0.6.16.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-4164

Disclosure Date: January 17, 2022 (last updated November 20, 2024)
calibre-web is vulnerable to Cross-Site Request Forgery (CSRF)
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-4171

Disclosure Date: January 17, 2022 (last updated November 20, 2024)
calibre-web is vulnerable to Business Logic Errors
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-4170

Disclosure Date: January 16, 2022 (last updated November 20, 2024)
calibre-web is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-25965

Disclosure Date: November 16, 2021 (last updated November 20, 2024)
In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site Request Forgery (CSRF). By luring an authenticated user to click on a link, an attacker can create a new user role with admin privileges and attacker-controlled credentials, allowing them to take over the application.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-25964

Disclosure Date: October 02, 2021 (last updated November 20, 2024)
In “Calibre-web” application, v0.6.0 to v0.6.12, are vulnerable to Stored XSS in “Metadata”. An attacker that has access to edit the metadata information, can inject JavaScript payload in the description field. When a victim tries to open the file, XSS will be triggered.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
View More Topics  < Previous  Next >