calibre-web is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
"https://github.com/pypa/advisory-database/blob/main/vulns/calibreweb/PYSEC-2026-620.yaml"