exploitDog

bind:CVE-2021-3988

Count: 3

NVD

CVE-2021-3988

about 1 year ago

A Cross-site Scripting (XSS) vulnerability exists in janeczku/calibre-web, specifically in the file `edit_books.js`. The vulnerability occurs when editing book properties, such as uploading a cover or a format. The affected code directly inserts user input into the DOM without proper sanitization, allowing attackers to execute arbitrary JavaScript code. This can lead to various attacks, including stealing cookies. The issue is present in the code handling the `#btn-upload-cover` change event.

CVSS3: 6.1
EPSS: Low

Debian

CVE-2021-3988

about 1 year ago

A Cross-site Scripting (XSS) vulnerability exists in janeczku/calibre- ...

CVSS3: 6.1
EPSS: Low

GitHub

GHSA-r735-9gc6-2hvq

about 1 year ago

Cross-site Scripting (XSS) - DOM in janeczku/calibre-web

CVSS3: 6.1
EPSS: Low


| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2021-3988 (NVD): A Cross-site Scripting (XSS) vulnerability exists in janeczku/calibre-web, specifically in the file `edit_books.js`. The vulnerability occurs when editing book properties, such as uploading a cover or a format. The affected code directly inserts user input into the DOM without proper sanitization, allowing attackers to execute arbitrary JavaScript code. This can lead to various attacks, including stealing cookies. The issue is present in the code handling the `#btn-upload-cover` change event. | CVSS3: 6.1 | 0% (Low) | about 1 year ago |
| CVE-2021-3988 (Debian): A Cross-site Scripting (XSS) vulnerability exists in janeczku/calibre- ... | CVSS3: 6.1 | 0% (Low) | about 1 year ago |
| GHSA-r735-9gc6-2hvq (GitHub): Cross-site Scripting (XSS) - DOM in janeczku/calibre-web | CVSS3: 6.1 | 0% (Low) | about 1 year ago |
