Filtered by vendor Calibre-web Project
Subscribe
Search
Total
10 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-30765 | 1 Calibre-web Project | 1 Calibre-web | 2022-05-24 | 7.5 HIGH | 9.8 CRITICAL |
| Calibre-Web before 0.6.18 allows user table SQL Injection. | |||||
| CVE-2022-0273 | 1 Calibre-web Project | 1 Calibre-web | 2022-02-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper Access Control in Pypi calibreweb prior to 0.6.16. | |||||
| CVE-2022-0352 | 1 Calibre-web Project | 1 Calibre-web | 2022-02-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior to 0.6.16. | |||||
| CVE-2022-0339 | 1 Calibre-web Project | 1 Calibre-web | 2022-02-14 | 7.5 HIGH | 9.8 CRITICAL |
| Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 0.6.16. | |||||
| CVE-2021-4171 | 1 Calibre-web Project | 1 Calibre-web | 2022-01-24 | 7.5 HIGH | 9.8 CRITICAL |
| calibre-web is vulnerable to Business Logic Errors | |||||
| CVE-2021-4164 | 1 Calibre-web Project | 1 Calibre-web | 2022-01-22 | 6.8 MEDIUM | 8.8 HIGH |
| calibre-web is vulnerable to Cross-Site Request Forgery (CSRF) | |||||
| CVE-2021-4170 | 1 Calibre-web Project | 1 Calibre-web | 2022-01-22 | 3.5 LOW | 5.4 MEDIUM |
| calibre-web is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
| CVE-2021-25965 | 1 Calibre-web Project | 1 Calibre-web | 2021-11-17 | 6.8 MEDIUM | 8.8 HIGH |
| In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site Request Forgery (CSRF). By luring an authenticated user to click on a link, an attacker can create a new user role with admin privileges and attacker-controlled credentials, allowing them to take over the application. | |||||
| CVE-2021-25964 | 1 Calibre-web Project | 1 Calibre-web | 2021-10-08 | 3.5 LOW | 5.4 MEDIUM |
| In “Calibre-web” application, v0.6.0 to v0.6.12, are vulnerable to Stored XSS in “Metadata”. An attacker that has access to edit the metadata information, can inject JavaScript payload in the description field. When a victim tries to open the file, XSS will be triggered. | |||||
| CVE-2020-12627 | 1 Calibre-web Project | 1 Calibre-web | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| Calibre-Web 0.6.6 allows authentication bypass because of the 'A0Zr98j/3yX R~XHH!jmN]LWX/,?RT' hardcoded secret key. | |||||