WS-2023-0380 | Mend Vulnerability Database

Vulnerability DatabaseWS-2023-0380

WS-2023-0380

Published:May 15, 2026

Updated:May 15, 2026

Cross-Site Request Forgery (CSRF) in GitHub repository janeczku/calibre-web prior to 0.6.16.

Affected Packages

calibreweb (PYTHON):

Affected version(s) >=0.6.12 <0.6.16

Fix Suggestion:

Update to version 0.6.16

Related Resources (1)

https://github.com/janeczku/calibre-web/commit/de1bc3f9af089d324037a6cfd47eaea2f3fab793

Do you need more information?

CVSS v4

Base Score:

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

LOW

User Interaction

PASSIVE

Vulnerable System Confidentiality

LOW

Vulnerable System Integrity

HIGH

Vulnerable System Availability

LOW

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

HIGH

Availability

LOW