Описание
A Cross-site Scripting (XSS) vulnerability exists in janeczku/calibre-web, specifically in the file edit_books.js. The vulnerability occurs when editing book properties, such as uploading a cover or a format. The affected code directly inserts user input into the DOM without proper sanitization, allowing attackers to execute arbitrary JavaScript code. This can lead to various attacks, including stealing cookies. The issue is present in the code handling the #btn-upload-cover change event.
Уязвимые конфигурации
Конфигурация 1Версия до 0.6.15 (исключая)
cpe:2.3:a:janeczku:calibre-web:*:*:*:*:*:*:*:*
EPSS
Процентиль: 39%
0.00175
Низкий
5.7 Medium
CVSS3
6.1 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
debian
около 1 года назад
A Cross-site Scripting (XSS) vulnerability exists in janeczku/calibre- ...
CVSS3: 6.1
github
около 1 года назад
Cross-site Scripting (XSS) - DOM in janeczku/calibre-web
EPSS
Процентиль: 39%
0.00175
Низкий
5.7 Medium
CVSS3
6.1 Medium
CVSS3
Дефекты
CWE-79