CVE-2022-0352 HIGH

CVE-2022-0352: Cross-site Scripting (XSS) - Reflected in janeczku/calibre-web

Vendor Janeczku
Product janeczku/calibre-web
Weakness CWE-79 · XSS
Published January 28, 2022
Last update August 2, 2024
View on NVD All CVEs

CVSS base score

8.5/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior to 0.6.16.

Key dates

02Disclosure timeline

January 28, 2022 CVE published
August 2, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-46235 WordPress SKT Blocks – Gutenberg based Page Builder plugin <= 2.0 - Cross Site Scripting (XSS) Vulnerability CVE-2024-4400 Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.26.4 - Authenticated (Contributer+) Stored Cross-Site Scripting CVE-2024-3732 GeoDirectory – WordPress Business Directory Plugin, or Classified Directory <= 2.3.48 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'gd_single_tabs' Shortcode CVE-2020-27659 CVE-2025-46448 WordPress Document Management System plugin <= 1.24 - Cross Site Scripting (XSS) Vulnerability