GHSA-wrp6-9w7f-3wxg

Source

https://github.com/advisories/GHSA-wrp6-9w7f-3wxg

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/01/GHSA-wrp6-9w7f-3wxg/GHSA-wrp6-9w7f-3wxg.json

Aliases

• CVE-2021-4170

Published

2022-01-21T23:55:34Z

Modified

2024-02-19T05:26:44.066460Z

Details

calibre-web is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

References

• https://nvd.nist.gov/vuln/detail/CVE-2021-4170
• https://github.com/janeczku/calibre-web/commit/7ad419dc8c12180e842a82118f4866ac3d074bc5
• https://github.com/janeczku/calibre-web
• https://huntr.dev/bounties/ff395101-e392-401d-ab4f-579c63fbf6a0