CRITICAL 9.9 CVE-2022-0767 Server-Side Request Forgery in calibreweb
from 0, < 0.6.17 | from 0, < 0.6.18
CRITICAL 9.8 CVE-2022-0766 Server-Side Request Forgery in calibreweb
from 0, < 0.6.17
CRITICAL 9.8 calibre-web is vulnerable to Business Logic Errors
from 0, < 0.6.15
HIGH 7.6 calibre-web is vulnerable to Cross-Site Request Forgery (CSRF)
from 0, < 0.6.15
HIGH 7.3 Weak Password Requirements in calibreweb
from 0, < 0.6.20
MEDIUM 6.5 Server-Side Request Forgery in calibreweb
from 0, < 0.6.16
MEDIUM 6.5 Server-Side Request Forgery in calibreweb
from 0, < 3b216bfa07ec7992eff03e55d61732af6df9bb92 | from 0, < 0.6.16
MEDIUM 6.5 Incorrect Authorization in calibreweb
from 0, < 0c0313f375bed7b035c8c0482bbb09599e16bfcf | from 0, < 0.6.16
MEDIUM 6.5 Incorrect Authorization in calibreweb
from 0, < 0.6.16
MEDIUM 6.1 Cross-site Scripting (XSS) - DOM in janeczku/calibre-web
from 0, < 0.6.15
MEDIUM 6.1 Cross-site Scripting in calibreweb
from 0, < 6bf07539788004513c3692c074ebc7ba4ce005e1 | from 0, < 0.6.16
MEDIUM 6.1 Cross-site Scripting in calibreweb
from 0, < 0.6.16
MEDIUM 5.4 Improper Access Control in janeczku/calibre-web
from 0, < 0.6.15
MEDIUM 5.4 Calibre-Web Cross Site Scripting (XSS)
>= 0.6.0, <= 0.6.21
MEDIUM 5.4 calibre-web is vulnerable to Cross-site Scripting
from 0, < 0.6.15
MEDIUM 4.3 Generation of Error Message Containing Sensitive Information in janeczku/calibre-web
from 0, < 0.6.15
— Calibre-Web Has a Stored Cross-Site Scripting (XSS) Vulnerability via the 'username' Field During User Creation
from 0, <= 0.6.25
— Calibre Web and Autocaliweb have OS Command Injection vulnerability
from 0, <= 0.6.24
— Calibre Web and Autocaliweb have a ReDoS vulnerability
from 0, <= 0.6.24
— Improper Restriction of Excessive Authentication Attempts in calibreweb
from 0, < 0.6.20