In janeczku Calibre-Web 0.6.0 to 0.6.21, the editbookcomments function is vulnerable to Cross Site Scripting (XSS) due to improper sanitization performed by the cleanstring function. The vulnerability arises from the way the cleanstring function handles HTML sanitization.
{ "nvd_published_at": "2024-07-19T20:15:07Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-07-19T22:39:54Z" }