Опубликовано: 19 июл. 2024
Источник: github
Github: Прошло ревью
CVSS4: 5.1
CVSS3: 5.4
Описание
Calibre-Web Cross Site Scripting (XSS)
In janeczku Calibre-Web 0.6.0 to 0.6.21, the edit_book_comments function is vulnerable to Cross Site Scripting (XSS) due to improper sanitization performed by the clean_string function. The vulnerability arises from the way the clean_string function handles HTML sanitization.
Пакеты
Наименование
calibreweb
pip
Затронутые версииВерсия исправления
>= 0.6.0, <= 0.6.21
Отсутствует
Связанные уязвимости
CVSS3: 5.4
nvd
больше 1 года назад
In janeczku Calibre-Web 0.6.0 to 0.6.21, the edit_book_comments function is vulnerable to Cross Site Scripting (XSS) due to improper sanitization performed by the clean_string function. The vulnerability arises from the way the clean_string function handles HTML sanitization.
CVSS3: 5.4
debian
больше 1 года назад
In janeczku Calibre-Web 0.6.0 to 0.6.21, the edit_book_comments functi ...