2024-11-19
Platform: calibre-web
Version: Not specified
Vulnerability: Cross-site Scripting (XSS)
Severity: Medium
Date: November 15, 2021 (Originally reported)
:
A vulnerability exists in calibre-web that allows attackers to inject malicious scripts when editing book properties. This could lead to various attacks, including stealing cookies.
What Undercode Says:
This vulnerability affects calibre-web, a web interface for the calibre ebook management software. An attacker could exploit this vulnerability to steal a user’s cookies, potentially gaining access to their calibre account and sensitive information.
It is recommended that users update to a patched version of calibre-web as soon as possible.
Additional Notes:
There is no information on specific versions affected by this vulnerability.
No CVSS score or exploit code is publicly available.
References:
Reported By: Nvd.nist.gov
Undercode AI: https://ai.undercodetesting.com
Image Source:
OpenAI: https://openai.com
Undercode AI DI v2: https://ai.undercode.help