An attacker with permission to edit metadata can inject a JavaScript payload into the description field. The "Calibre-web" application, v0.6.0 to v0.6.12, is vulnerable to Stored XSS in "Metadata".
By luring an authenticated user into clicking a link, an attacker can create a new user role with admin privileges and attacker-controlled credentials, allowing them to take over the application. Calibre-web versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site Request Forgery (CSRF).
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17.
Calibre-web is vulnerable to Business Logic Errors.
Calibre-web is vulnerable to Cross-Site Request Forgery (CSRF).
Calibre-web is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
Improper Access Control in PyPI calibreweb prior to 0.6.16.
Cross-site Scripting (XSS) - Reflected in PyPI calibreweb prior to 0.6.16.
Server-Side Request Forgery (SSRF) in PyPI calibreweb prior to 0.6.16.
Improper Authorization in GitHub repository janeczku/calibre-web prior to 0.6.16.
Improper Access Control in GitHub repository janeczku/calibre-web prior to 0.6.16.
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18.
Calibre-Web before 0.6.18 allows user table SQL Injection.