Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:calibre-web_project:calibre-web:0.6.8:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-2106 |
Weak Password Requirements in GitHub repository janeczku/calibre-web prior to 0.6.20. Published: April 15, 2023; 10:15:07 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2022-2525 |
Improper Restriction of Excessive Authentication Attempts in GitHub repository janeczku/calibre-web prior to 0.6.20. Published: April 15, 2023; 9:15:44 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2022-0990 |
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18. Published: April 04, 2022; 2:15:07 PM -0400 |
V4.0:(not available) V3.1: 9.1 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2022-0939 |
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18. Published: April 04, 2022; 6:15:08 AM -0400 |
V4.0:(not available) V3.1: 9.9 CRITICAL V2.0: 7.5 HIGH |
CVE-2022-0406 |
Improper Authorization in GitHub repository janeczku/calibre-web prior to 0.6.16. Published: April 03, 2022; 3:15:07 PM -0400 |
V4.0:(not available) V3.1: 4.3 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2022-0405 |
Improper Access Control in GitHub repository janeczku/calibre-web prior to 0.6.16. Published: April 03, 2022; 3:15:07 PM -0400 |
V4.0:(not available) V3.1: 4.3 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2022-0767 |
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17. Published: March 07, 2022; 2:15:07 AM -0500 |
V4.0:(not available) V3.1: 9.9 CRITICAL V2.0: 7.5 HIGH |
CVE-2022-0766 |
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17. Published: March 07, 2022; 2:15:07 AM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2022-0339 |
Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 0.6.16. Published: January 30, 2022; 9:15:07 AM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2022-0273 |
Improper Access Control in Pypi calibreweb prior to 0.6.16. Published: January 30, 2022; 9:15:07 AM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2022-0352 |
Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior to 0.6.16. Published: January 28, 2022; 5:15:15 PM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2021-4164 |
calibre-web is vulnerable to Cross-Site Request Forgery (CSRF) Published: January 17, 2022; 8:15:08 AM -0500 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2021-4171 |
calibre-web is vulnerable to Business Logic Errors Published: January 17, 2022; 5:15:07 AM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2021-4170 |
calibre-web is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Published: January 16, 2022; 4:15:07 PM -0500 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2021-25965 |
In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site Request Forgery (CSRF). By luring an authenticated user to click on a link, an attacker can create a new user role with admin privileges and attacker-controlled credentials, allowing them to take over the application. Published: November 16, 2021; 5:15:06 AM -0500 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2021-25964 |
In “Calibre-web” application, v0.6.0 to v0.6.12, are vulnerable to Stored XSS in “Metadata”. An attacker that has access to edit the metadata information, can inject JavaScript payload in the description field. When a victim tries to open the file, XSS will be triggered. Published: October 04, 2021; 11:15:07 AM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |