In “Calibre-web� application, v0.6.0 to v0.6.12, are vulnerable to Stored XSS in “Metadata�. An attacker that has access to edit the metadata information, can inject JavaScript payload in the description field. When a victim tries to open the file, XSS will be triggered.

Source: CVE-2021-25964

댓글 남기기

이메일은 공개되지 않습니다. 필수 입력창은 * 로 표시되어 있습니다

Time limit is exhausted. Please reload the CAPTCHA.