Description

A Cross-site Scripting (XSS) vulnerability exists in janeczku/calibre-web, specifically in the file `edit_books.js`. The vulnerability occurs when editing book properties, such as uploading a cover or a format. The affected code directly inserts user input into the DOM without proper sanitization, allowing attackers to execute arbitrary JavaScript code. This can lead to various attacks, including stealing cookies. The issue is present in the code handling the `#btn-upload-cover` change event.

INFO

Published Date :

2024-11-15T10:52:39.637Z

Last Modified :

2024-11-20T22:35:15.693Z

Source :

@huntr_ai
AFFECTED PRODUCTS

The following products are affected by CVE-2021-3988 vulnerability.

Vendors Products
Janeczku
  • Calibre-web
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2021-3988.

URL Resource
https://github.com/janeczku/calibre-web/commit/7ad419dc8c12180e842a82118f4866ac3d074bc5 cve-icon cve-icon
https://huntr.com/bounties/fa4c8fd1-7846-4dad-9112-2c07461f0609 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact