In janeczku Calibre-Web 0.6.0 to 0.6.21, the edit_book_comments function is vulnerable to Cross Site Scripting (XSS) due to improper sanitization performed by the clean_string function. The vulnerability arises from the way the clean_string function handles HTML sanitization.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| calibreweb(PyPI) | 0.6.0 | N/A | N/A |
CVSS Metrics
