{"uuid": "2a7df0d0-77bd-4d38-90ad-603cb8b6d23e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-25964", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14093", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-25964\n\ud83d\udd25 CVSS Score: 5.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: In \u201cCalibre-web\u201d application, v0.6.0 to v0.6.12, are vulnerable to Stored XSS in \u201cMetadata\u201d. An attacker that has access to edit the metadata information, can inject JavaScript payload in the description field. When a victim tries to open the file, XSS will be triggered.\n\ud83d\udccf Published: 2021-10-04T14:55:10.213Z\n\ud83d\udccf Modified: 2025-04-30T16:24:59.772Z\n\ud83d\udd17 References:\n1. https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25964\n2. https://github.com/janeczku/calibre-web/commit/32e27712f0f71fdec646add20cd78b4ce75acfce", "creation_timestamp": "2025-04-30T17:13:09.000000Z"}