Vulnerability Information
Vulnerability Title
Stored Cross-Site Scripting (XSS) in Calibre-web via Description Field in Metadata
Vulnerability Description
The “Calibre-web” application, v0.6.0 to v0.6.12, is vulnerable to Stored XSS in “Metadata”. An attacker who has access to edit the metadata information can inject a JavaScript payload in the description field. When a victim tries to open the file, the XSS will be triggered.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)
Vulnerability Title
Calibre-Web Cross-Site Scripting Vulnerability
Vulnerability Description
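Calibre-Web is a web application for browsing, reading and downloading e-books from a Calibre database. Calibre-web versions v0.6.0 through v0.6.12 contain a cross-site scripting vulnerability that an attacker can exploit to inject a JavaScript exploit script into the description field.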
CVSS Information
N/A
Vulnerability Type
N/A