GSA_kwCzR0hTQS1oNTZnLXY0dnAtcTlxNs0nVw

Moderate CVSS: 5.3 EPSS: 0.00318% (0.54243 Percentile) EPSS:

Permalink JSON

Cross-site Scripting in calibreweb

Affected Packages	Affected Versions	Fixed Versions
pypi:calibreweb	< 0.6.16	0.6.16
0 Dependent packages 1 Dependent repositories 3,036 Downloads last month Affected Version Ranges All affected versions 0.6.12, 0.6.13, 0.6.14, 0.6.15 All unaffected versions 0.6.16, 0.6.17, 0.6.18, 0.6.19, 0.6.20, 0.6.21, 0.6.22, 0.6.23, 0.6.24

calibreweb prior to version 0.6.16 contains a cross-site scripting vulnerability.

References:

https://nvd.nist.gov/vuln/detail/CVE-2022-0352
https://github.com/janeczku/calibre-web/commit/6bf07539788004513c3692c074ebc7ba4ce005e1
https://huntr.dev/bounties/a577ff17-2ded-4c41-84ae-6ac02440f717
https://github.com/pypa/advisory-database/tree/main/vulns/calibreweb/PYSEC-2022-18.yaml
https://github.com/advisories/GHSA-h56g-v4vp-q9q6

Identifiers

GHSA-h56g-v4vp-q9q6

CVE-2022-0352

Risk

Severity

Moderate

CVSS

CVSS Score: 5.3

CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

EPSS

EPSS Percentage: 0.00318

EPSS Percentile: 0.54243

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/janeczku/calibre-web

Date and time

Published

over 3 years ago

Updated

11 months ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories