Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS) calibreweb is a Web app for browsing, reading and downloading eBooks stored in a Calibre database. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper sanitization in the `edit_book_comments` function. An attacker can inject malicious scripts by exploiting the inadequate HTML sanitization performed by the `clean_string` function. How to fix Cross-site Scripting (XSS)? Upgrade `calibreweb` to version 0.6.22 or higher.	[,0.6.22)
H Weak Password Requirements calibreweb is a Web app for browsing, reading and downloading eBooks stored in a Calibre database. Affected versions of this package are vulnerable to Weak Password Requirements due to missing rate limits in the login functionality. How to fix Weak Password Requirements? Upgrade `calibreweb` to version 0.6.20 or higher.	[,0.6.20)
H Brute Force calibreweb is a Web app for browsing, reading and downloading eBooks stored in a Calibre database. Affected versions of this package are vulnerable to Brute Force due to missing rate limiting in login form. How to fix Brute Force? Upgrade `calibreweb` to version 0.6.20 or higher.	[,0.6.20)

Go back to all versions of this package