CVE-2022-0352: Cross-site Scripting in calibreweb

January 29, 2022 (updated November 19, 2024)

calibreweb prior to version 0.6.16 contains a cross-site scripting vulnerability.

References

github.com/advisories/GHSA-h56g-v4vp-q9q6
github.com/janeczku/calibre-web
github.com/janeczku/calibre-web/commit/6bf07539788004513c3692c074ebc7ba4ce005e1
github.com/pypa/advisory-database/tree/main/vulns/calibreweb/PYSEC-2022-18.yaml
huntr.dev/bounties/a577ff17-2ded-4c41-84ae-6ac02440f717
nvd.nist.gov/vuln/detail/CVE-2022-0352

Detect and mitigate CVE-2022-0352 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →