Vulnerabilities > Janeczku > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-11-15 CVE-2021-3986 Unspecified vulnerability in Janeczku Calibre-Web
A vulnerability in janeczku/calibre-web allows unauthorized users to view the names of private shelves belonging to other users.
network
low complexity
janeczku
4.3
4.3
2024-11-15 CVE-2021-3987 Missing Authorization vulnerability in Janeczku Calibre-Web
An improper access control vulnerability exists in janeczku/calibre-web.
network
low complexity
janeczku CWE-862
4.3
4.3
2024-11-15 CVE-2021-3988 Unspecified vulnerability in Janeczku Calibre-Web
A Cross-site Scripting (XSS) vulnerability exists in janeczku/calibre-web, specifically in the file `edit_books.js`.
network
low complexity
janeczku
6.1
6.1
2022-04-03 CVE-2022-0405 Unspecified vulnerability in Janeczku Calibre-Web
Improper Access Control in GitHub repository janeczku/calibre-web prior to 0.6.16.
network
low complexity
janeczku
4.3
4.3
2022-04-03 CVE-2022-0406 Incorrect Authorization vulnerability in Janeczku Calibre-Web
Improper Authorization in GitHub repository janeczku/calibre-web prior to 0.6.16.
network
low complexity
janeczku CWE-863
4.3
4.3
2022-01-30 CVE-2022-0273 Unspecified vulnerability in Janeczku Calibre-Web
Improper Access Control in Pypi calibreweb prior to 0.6.16.
network
low complexity
janeczku
6.5
6.5
2022-01-28 CVE-2022-0352 Unspecified vulnerability in Janeczku Calibre-Web
Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior to 0.6.16.
network
low complexity
janeczku
6.1
6.1
2022-01-16 CVE-2021-4170 Unspecified vulnerability in Janeczku Calibre-Web
calibre-web is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
network
low complexity
janeczku
5.4
5.4
2021-10-04 CVE-2021-25964 Cross-site Scripting vulnerability in Janeczku Calibre-Web
In “Calibre-web” application, v0.6.0 to v0.6.12, are vulnerable to Stored XSS in “Metadata”.
network
low complexity
janeczku CWE-79
5.4
5.4