Vulnerabilities > Calibre WEB Project
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-01-30 | CVE-2022-0339 | Server-Side Request Forgery (SSRF) vulnerability in Calibre-Web Project Calibre-Web Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 0.6.16. | 7.5 |
2022-01-28 | CVE-2022-0352 | Cross-site Scripting vulnerability in Calibre-Web Project Calibre-Web Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior to 0.6.16. | 4.3 |
2022-01-17 | CVE-2021-4164 | Cross-Site Request Forgery (CSRF) vulnerability in Calibre-Web Project Calibre-Web calibre-web is vulnerable to Cross-Site Request Forgery (CSRF) | 6.8 |
2022-01-17 | CVE-2021-4171 | Unspecified vulnerability in Calibre-Web Project Calibre-Web calibre-web is vulnerable to Business Logic Errors | 7.5 |
2022-01-16 | CVE-2021-4170 | Cross-site Scripting vulnerability in Calibre-Web Project Calibre-Web calibre-web is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 3.5 |
2021-11-16 | CVE-2021-25965 | Cross-Site Request Forgery (CSRF) vulnerability in Calibre-Web Project Calibre-Web In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site Request Forgery (CSRF). | 6.8 |
2021-10-04 | CVE-2021-25964 | Cross-site Scripting vulnerability in Calibre-Web Project Calibre-Web In “Calibre-web” application, v0.6.0 to v0.6.12, are vulnerable to Stored XSS in “Metadata”. | 3.5 |
2020-05-04 | CVE-2020-12627 | Improper Authentication vulnerability in Calibre-Web Project Calibre-Web 0.6.6 Calibre-Web 0.6.6 allows authentication bypass because of the 'A0Zr98j/3yX R~XHH!jmN]LWX/,?RT' hardcoded secret key. | 7.5 |