CVE-2021-4170

Опубликовано: 16 янв. 2022

Источник: nvd

CVSS3: 7.3

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

calibre-web is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ссылки

https://github.com/janeczku/calibre-web/commit/7ad419dc8c12180e842a82118f4866ac3d074bc5
Patch
Third Party Advisory
https://huntr.dev/bounties/ff395101-e392-401d-ab4f-579c63fbf6a0
Exploit
Third Party Advisory
https://github.com/janeczku/calibre-web/commit/7ad419dc8c12180e842a82118f4866ac3d074bc5
Patch
Third Party Advisory
https://huntr.dev/bounties/ff395101-e392-401d-ab4f-579c63fbf6a0
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:janeczku:calibre-web:*:*:*:*:*:*:*:*

Версия до 0.6.15 (исключая)

EPSS

Процентиль: 51%

0.00282

Низкий

7.3 High

CVSS3

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2021-4170

CVSS3: 5.4

debian

около 4 лет назад

calibre-web is vulnerable to Improper Neutralization of Input During W ...

GHSA-wrp6-9w7f-3wxg

CVSS3: 5.4

github

около 4 лет назад

calibre-web is vulnerable to Cross-site Scripting

EPSS

Процентиль: 51%

0.00282

Низкий

7.3 High

CVSS3

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79