VYPR

Calibre Web

by Janeczku

Source repositories

CVEs (23)

  • CVE-2021-25965Nov 16, 2021
    risk 0.00cvss epss 0.01

    In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site Request Forgery (CSRF). By luring an authenticated user to click on a link, an attacker can create a new user role with admin privileges and attacker-controlled credentials, allowing them to take over the…

  • CVE-2021-25964Oct 4, 2021
    risk 0.00cvss epss 0.01

    In “Calibre-web” application, v0.6.0 to v0.6.12, are vulnerable to Stored XSS in “Metadata”. An attacker that has access to edit the metadata information, can inject JavaScript payload in the description field. When a victim tries to open the file, XSS will be triggered.

  • CVE-2020-12627May 4, 2020
    risk 0.00cvss epss 0.01

    Calibre-Web 0.6.6 allows authentication bypass because of the 'A0Zr98j/3yX R~XHH!jmN]LWX/,?RT' hardcoded secret key.

Page 2 of 2