CVE-2022-0352

Name of the Vulnerable Software and Affected Versions calibreweb versions prior to 0.6.16

Description The issue is related to Cross-site Scripting (XSS) - Reflected, which means an attacker can inject malicious scripts into a website, potentially allowing them to steal user data or take control of the user's session. This type of attack occurs when user input is not properly validated or sanitized, and an attacker can reflect their input back to the user, executing the malicious script. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited.

Recommendations For versions prior to 0.6.16, update to version 0.6.16 or later to resolve the issue. As a temporary workaround, consider implementing input validation and sanitization for all user-input data to minimize the risk of exploitation. Restrict access to sensitive areas of the application to minimize the risk of XSS attacks until the issue is resolved.