Janeczku Calibre-Web vulnerabilities
17 known vulnerabilities affecting janeczku/calibre-web.

Total CVEs: 17
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 8, HIGH 1, MEDIUM 8

Vulnerabilities
CVE-2022-0990 | CRITICAL | CVSS 9.1 | P3 | CWE-918 | Affected: < 0.6.18 | Date: 2022-04-04
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18.
Source: NVD
CVE-2022-0939 | CRITICAL | CVSS 9.9 | P3 | CWE-918 | Affected: < 0.6.18 | Date: 2022-04-04
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18.
Source: NVD
CVE-2022-0766 | CRITICAL | CVSS 9.8 | P3 | CWE-918 | Affected: < 0.6.17 | Date: 2022-03-07
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17.
Source: NVD
CVE-2022-0767 | CRITICAL | CVSS 9.9 | P3 | CWE-918 | Affected: < 0.6.17 | Date: 2022-03-07
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17.
Source: NVD
CVE-2022-2525 | CRITICAL | CVSS 9.8 | P3 | CWE-307 | Affected: < 0.6.20 | Date: 2023-04-15
Improper Restriction of Excessive Authentication Attempts in GitHub repository janeczku/calibre-web prior to 0.6.20.
Source: NVD
CVE-2021-4171 | CRITICAL | CVSS 9.8 | P3 | CWE-840 | Affected: < 0.6.15 | Date: 2022-01-17
calibre-web is vulnerable to Business Logic Errors.
Source: NVD
CVE-2022-0339 | CRITICAL | CVSS 9.8 | P3 | CWE-918 | Affected: < 0.6.16 | Date: 2022-01-30
Server-Side Request Forgery (SSRF) in PyPI calibreweb prior to 0.6.16.
Source: NVD
CVE-2023-2106 | CRITICAL | CVSS 9.8 | P3 | CWE-521 | Affected: < 0.6.20 | Date: 2023-04-15
Weak Password Requirements in GitHub repository janeczku/calibre-web prior to 0.6.20.
Source: NVD
CVE-2021-4164 | HIGH | CVSS 8.8 | P3 | CWE-352 | Affected: < 0.6.15 | Date: 2022-01-17
calibre-web is vulnerable to Cross-Site Request Forgery (CSRF).
Source: NVD
CVE-2022-0273 | MEDIUM | CVSS 6.5 | P3 | CWE-284 | Affected: < 0.6.16 | Date: 2022-01-30
Improper Access Control in PyPI calibreweb prior to 0.6.16.
Source: NVD
CVE-2021-3988 | MEDIUM | CVSS 6.1 | P4 | CWE-79 | Affected: ≤ latest | Date: 2024-11-15
A Cross-site Scripting (XSS) vulnerability exists in janeczku/calibre-web, specifically in the file `edit_books.js`. The vulnerability occurs when editing book properties, such as uploading a cover or a format. The affected code directly inserts user input into the DOM without proper sanitization, allowing attackers to execute arbitrary JavaScript code.
Source: NVD
CVE-2022-0352 | MEDIUM | CVSS 6.1 | P4 | CWE-79 | Affected: < 0.6.16 | Date: 2022-01-28
Cross-site Scripting (XSS) - Reflected in PyPI calibreweb prior to 0.6.16.
Source: NVD
CVE-2021-4170 | MEDIUM | CVSS 5.4 | P4 | CWE-79 | Affected: < 0.6.15 | Date: 2022-01-16
calibre-web is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
Source: NVD
CVE-2021-3987 | MEDIUM | CVSS 4.3 | P4 | CWE-284 | Affected: ≤ latest | Date: 2024-11-15
An improper access control vulnerability exists in janeczku/calibre-web. The affected version allows users without public shelf permissions to create public shelves. The vulnerability is due to the `create_shelf` method in `shelf.py` not verifying if the user has the necessary permissions to create a public shelf. This issue can lead to unauthorized a
Source: NVD
CVE-2022-0405 | MEDIUM | CVSS 4.3 | P4 | CWE-284 | Affected: < 0.6.16 | Date: 2022-04-03
Improper Access Control in GitHub repository janeczku/calibre-web prior to 0.6.16.
Source: NVD
CVE-2022-0406 | MEDIUM | CVSS 4.3 | P4 | CWE-285 | Affected: < 0.6.16 | Date: 2022-04-03
Improper Authorization in GitHub repository janeczku/calibre-web prior to 0.6.16.
Source: NVD
CVE-2021-3986 | MEDIUM | CVSS 4.3 | P4 | CWE-209 | Affected: ≤ latest | Date: 2024-11-15
A vulnerability in janeczku/calibre-web allows unauthorized users to view the names of private shelves belonging to other users. This issue occurs in the file shelf.py at line 221, where the name of the shelf is exposed in an error message when a user attempts to remove a book from a shelf they do not own. This vulnerability discloses private informat
Source: NVD
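The two shelf.py entries above describe the same family of handler: CVE-2021-3987 is a missing server-side permission check when a shelf is created as public, and CVE-2021-3986 is an error message that echoes the name of a shelf the caller does not own. The following Python model shows each weak path beside its hardened form. It is an added example, not calibre-web's own code: the `User`, `Shelf` and `ShelfStore` classes, the `can_create_public_shelf` flag, the function names, the error strings and the sample data in `demo()` are all assumptions constructed for this illustration.

```python
"""Added example (not calibre-web code): both shelf.py weaknesses side by side.

CWE-284: a public-shelf flag from the request is honoured without a permission check.
CWE-209: the error shown to a non-owner reveals the name of a shelf they do not own.
User/Shelf/ShelfStore, the permission flag and all messages are constructed assumptions.
"""
from dataclasses import dataclass, field


class ShelfError(Exception):
    """Rejected shelf operation; str(exc) is what the user would be shown."""


@dataclass
class User:
    user_id: int
    can_create_public_shelf: bool = False  # assumed permission flag


@dataclass
class Shelf:
    shelf_id: int
    name: str
    owner_id: int
    is_public: bool
    book_ids: set = field(default_factory=set)


class ShelfStore:
    """In-memory stand-in for the shelf table."""

    def __init__(self):
        self._shelves = {}
        self._next_id = 1

    def _add(self, name, owner_id, is_public):
        shelf = Shelf(self._next_id, name, owner_id, is_public)
        self._shelves[shelf.shelf_id] = shelf
        self._next_id += 1
        return shelf

    # CWE-284: creating a public shelf without the permission to do so
    def create_shelf_vulnerable(self, user, name, is_public):
        # Trusts the is_public value from the form; any user can publish a shelf.
        return self._add(name, user.user_id, is_public)

    def create_shelf(self, user, name, is_public):
        # Hardened: the permission is enforced server-side, not only hidden in the UI.
        if is_public and not user.can_create_public_shelf:
            raise ShelfError("You are not allowed to create public shelves")
        return self._add(name, user.user_id, is_public)

    # CWE-209: error message when removing a book from someone else's shelf
    def remove_book_vulnerable(self, user, shelf_id, book_id):
        shelf = self._shelves.get(shelf_id)
        if shelf is None:
            raise ShelfError("Shelf not found")
        if shelf.owner_id != user.user_id:
            # Leaks the private shelf's name to anyone who guesses its id.
            raise ShelfError(
                f"Sorry, you are not allowed to remove a book from shelf: {shelf.name}")
        shelf.book_ids.discard(book_id)

    def remove_book(self, user, shelf_id, book_id):
        shelf = self._shelves.get(shelf_id)
        # Hardened: one fixed message for both "missing" and "not yours", so the
        # response neither confirms that the shelf exists nor reveals its name.
        if shelf is None or shelf.owner_id != user.user_id:
            raise ShelfError("Shelf not found or access denied")
        shelf.book_ids.discard(book_id)


def demo():
    """Run both variants against constructed sample data and return the findings."""
    store = ShelfStore()
    alice = User(1, can_create_public_shelf=True)
    mallory = User(2)  # ordinary user without the public-shelf permission
    private = store.create_shelf(alice, "alice-secret-reading", is_public=False)
    private.book_ids.add(42)
    out = {}

    out["vuln_public_allowed"] = store.create_shelf_vulnerable(mallory, "x", True).is_public
    try:
        store.create_shelf(mallory, "x", True)
        out["fixed_public_allowed"] = True
    except ShelfError:
        out["fixed_public_allowed"] = False

    for key, fn in (("vuln", store.remove_book_vulnerable), ("fixed", store.remove_book)):
        try:
            fn(mallory, private.shelf_id, 42)
            out[f"{key}_message_leaks_name"] = None  # no error raised at all
        except ShelfError as exc:
            out[f"{key}_message_leaks_name"] = private.name in str(exc)
    out["book_still_on_shelf"] = 42 in private.book_ids
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Running the module prints one finding per line. The detail worth copying from `remove_book` is that it decides on the generic message before touching any attribute of the shelf, and uses the same message for a missing shelf and a foreign one, so a caller iterating shelf ids learns neither the name nor whether the id exists.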