janeczku / calibre-web (project repository)
Web app for browsing, reading and downloading eBooks stored in a Calibre database
Maintainer response times: first interaction within N/A days; review within 44 days; fix within 124 days.
Reports (date, title, reporter, severity or triage status, bounty paid, CVE assigned; where the listing showed a triage status next to a severity, both are given; "-" means nothing was shown)

Date       | Report                                                                        | Reporter       | Severity / status      | Bounty | CVE
2023-10-21 | Cross-site scripting (XSS) stored in href bypasses filter using data wrapper  | mrempy         | Medium                 | -      | -
2023-04-22 | Insufficient Session Expiration                                               | mrempy         | pending                | -      | -
2023-10-21 | SMTP server credentials are returned                                          | mrempy         | Medium                 | -      | -
2023-07-09 | Improper Access Control                                                       | ch1nhpd        | informative (Critical) | -      | -
2023-10-21 | Cross-site Scripting (XSS) - Stored                                           | mrempy         | Low                    | -      | -
2023-04-21 | DOS at login function                                                         | ch1nhpd        | pending                | -      | -
2023-10-21 | Improper Error Handling at Rating function                                    | baobaovt       | Medium                 | -      | -
2023-07-09 | Server-Side Request Forgery (SSRF)                                            | dungtuanha     | informative (Critical) | -      | -
2023-04-15 | Weak Password Requirements                                                    | domiee13       | High                   | $25    | CVE-2023-2106
2023-04-15 | Improper Restriction of Excessive Authentication Attempts in login feature    | domiee13       | High                   | $25    | CVE-2022-2525
2023-07-09 | Open redirection via host header injection                                    | nikunjsapara   | not applicable         | -      | -
2022-04-03 | Server-Side Request Forgery (SSRF)                                            | michaellrowley | Critical               | $45    | CVE-2022-0990
2022-04-03 | Server-Side Request Forgery (SSRF)                                            | 416e6e61       | Critical               | $45    | CVE-2022-0939
2022-03-06 | Server-Side Request Forgery (SSRF)                                            | 416e6e61       | Critical               | $45    | CVE-2022-0767
2022-03-06 | Server-Side Request Forgery (SSRF)                                            | r0hansh        | Medium                 | $40    | CVE-2022-0766
2022-04-03 | Improper Authorization                                                        | nhiephon       | Medium                 | $42.5  | CVE-2022-0406
2022-04-03 | Improper Access Control                                                       | nhiephon       | Medium                 | $26    | CVE-2022-0405
2022-01-28 | Improper Access Control                                                       | nhiephon       | Medium                 | -      | CVE-2022-0273
2022-01-28 | Cross-site Scripting (XSS) - Reflected                                        | alicaz         | High                   | $28.5  | CVE-2022-0352
2022-01-16 | Business Logic Errors                                                         | alicaz         | High                   | $85    | CVE-2021-4171
2022-01-16 | Cross-site Scripting (XSS) - Stored                                           | scara31        | High                   | $42.5  | CVE-2021-4170
2022-01-28 | Server-Side Request Forgery (SSRF)                                            | scara31        | Medium                 | $68    | CVE-2022-0339
2022-01-16 | Cross-Site Request Forgery (CSRF)                                             | scara31        | High                   | $26    | CVE-2021-4164
2022-01-16 | Improperly Controlled Modification of Dynamically-Determined Object Attributes | acciobugs      | Medium                 | -      | -
2021-11-20 | Improper Access Control                                                       | acciobugs      | Medium                 | $80    | CVE-2021-3987
2021-11-20 | Cross-site Scripting (XSS) - DOM                                              | acciobugs      | Medium                 | $48    | CVE-2021-3988
2021-11-20 | Generation of Error Message Containing Sensitive Information                  | acciobugs      | Medium                 | $96    | CVE-2021-3986
2023-10-21 | Cross-Site Request Forgery (CSRF)                                             | ranjit-git     | High                   | $50    | -
2023-10-21 | Cross-Site Request Forgery (CSRF)                                             | mik317         | Medium                 | $80    | -
2022-04-19 | Cross-site Scripting (XSS) - Stored                                           | ranjit-git     | High                   | $40    | -
2021-07-23 | Improperly Controlled Modification of Dynamically-Determined Object Attributes | acciobugs      | Medium                 | $40    | -
2021-11-20 | Cross-Site Request Forgery (CSRF)                                             | acciobugs      | High                   | $40    | -
2021-07-27 | Exposure of Private Personal Information to an Unauthorized Actor             | acciobugs      | Medium                 | $40    | -
2021-07-24 | Improper Access Control                                                       | acciobugs      | High                   | $40    | -
2021-09-29 | Insufficient Session Expiration                                               | acciobugs      | Medium                 | $40    | -
Current bounty per severity: Critical $0; High $0; Medium $0; Low $0.