CVE-2021-25965
Published
CVSS v3
8.8
HIGH
CVSS v2
6.8
MEDIUM
Affected
1
PROJECT
Description
In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site Request Forgery (CSRF). By luring an authenticated user to click on a link, an attacker can create a new user role with admin privileges and attacker-controlled credentials, allowing them to take over the application.
:books: Web app for browsing, reading and downloading eBooks stored in a Calibre database
GitHub