CNNVD-202512-231 Information

CNNVD ID

CNNVD-202512-231

Related CVE

CVE-2025-65858

• CNNVD Published: 2025-12-02

Description (Chinese)

Calibre-Web是Jan B个人开发者的一款用于浏览、阅读和下载Calibre数据库中电子书的Web应用程序。 Calibre-Web v0.6.25版本存在安全漏洞，该漏洞源于用户创建时username字段未过滤恶意JavaScript，可能导致存储型跨站脚本攻击。

Description (English)

Calibre-Web is a Web application by Jan B Personal Developer for browsing, reading and downloading electronic books from the Calibre database. There is a security loophole in Calibre-Web v0.6.25, which stems from the fact that the user’s username field did not filter malicious JavaScript at the time of the user’s creation and could result in a storage-type cross-site script attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-12-02

Last Modified

2026-02-24

References

https://github.com/KhanhDuy155/calibre-web-CVE-2025-65858/blob/main/CVE-2025-65858.md