CVE-2022-0352 – Cross-site Scripting (XSS) - Reflected in janeczku/calibre-web
https://notcve.org/view.php?id=CVE-2022-0352
Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior to 0.6.16. Una vulnerabilidad de tipo Cross-site Scripting (XSS) - Reflejado en Pypi calibreweb versiones anteriores a 0.6.16 • https://github.com/janeczku/calibre-web/commit/6bf07539788004513c3692c074ebc7ba4ce005e1 https://huntr.dev/bounties/a577ff17-2ded-4c41-84ae-6ac02440f717 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-4164 – Cross-Site Request Forgery (CSRF) in janeczku/calibre-web
https://notcve.org/view.php?id=CVE-2021-4164
calibre-web is vulnerable to Cross-Site Request Forgery (CSRF) calibre-web es vulnerable a un ataque de tipo Cross-Site Request Forgery (CSRF) • https://github.com/janeczku/calibre-web/commit/785726deee13b4d56f6c3503dd57c1e3eb7d6f30 https://huntr.dev/bounties/2debace1-a0f3-45c1-95fa-9d0512680758 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2021-4171 – Business Logic Errors in janeczku/calibre-web
https://notcve.org/view.php?id=CVE-2021-4171
calibre-web is vulnerable to Business Logic Errors calibre-web es vulnerable a Errores de Lógica Empresarial • https://github.com/janeczku/calibre-web/commit/3e0d8763c377d2146462811e3e4ccf13f0d312ce https://huntr.dev/bounties/1117f439-133c-4563-afb2-6cd80607bd5c • CWE-840: Business Logic Errors •
CVE-2021-4170 – Cross-site Scripting (XSS) - Stored in janeczku/calibre-web
https://notcve.org/view.php?id=CVE-2021-4170
calibre-web is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') calibre-web es vulnerable a una Neutralización Inapropiada de Entradas Durante la Generación de Páginas Web ("Cross-site Scripting") • https://github.com/janeczku/calibre-web/commit/7ad419dc8c12180e842a82118f4866ac3d074bc5 https://huntr.dev/bounties/ff395101-e392-401d-ab4f-579c63fbf6a0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-25965 – Calibre-web - Admin Account Takeover via Cross-Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2021-25965
In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site Request Forgery (CSRF). By luring an authenticated user to click on a link, an attacker can create a new user role with admin privileges and attacker-controlled credentials, allowing them to take over the application. En Calibre-web, versiones 0.6.0 a 0.6.13, son vulnerables a un ataque de tipo Cross-Site Request Forgery (CSRF). Al atraer a un usuario autenticado para que haga clic en un enlace, un atacante puede crear un nuevo rol de usuario con privilegios de administrador y credenciales controladas por el atacante, permitiéndole tomar el control de la aplicación • https://github.com/janeczku/calibre-web/commit/50919d47212066c75f03ee7a5332ecf2d584b98e https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25965 • CWE-352: Cross-Site Request Forgery (CSRF) •