{"vulnerability": "cve-2021-25964", "sightings": [{"uuid": "57752eb0-85fb-493d-8396-0d636e5dced3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-25964", "type": "seen", "source": "https://t.me/cibsecurity/29875", "content": "\u203c CVE-2021-25964 \u203c\n\nIn \u00e2\u20ac\u0153Calibre-web\u00e2\u20ac\ufffd application, v0.6.0 to v0.6.12, are vulnerable to Stored XSS in \u00e2\u20ac\u0153Metadata\u00e2\u20ac\ufffd. An attacker that has access to edit the metadata information, can inject JavaScript payload in the description field. When a victim tries to open the file, XSS will be triggered.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-04T18:18:48.000000Z"}, {"uuid": "2a7df0d0-77bd-4d38-90ad-603cb8b6d23e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-25964", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14093", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-25964\n\ud83d\udd25 CVSS Score: 5.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: In \u201cCalibre-web\u201d application, v0.6.0 to v0.6.12, are vulnerable to Stored XSS in \u201cMetadata\u201d. An attacker that has access to edit the metadata information, can inject JavaScript payload in the description field. When a victim tries to open the file, XSS will be triggered.\n\ud83d\udccf Published: 2021-10-04T14:55:10.213Z\n\ud83d\udccf Modified: 2025-04-30T16:24:59.772Z\n\ud83d\udd17 References:\n1. https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25964\n2. https://github.com/janeczku/calibre-web/commit/32e27712f0f71fdec646add20cd78b4ce75acfce", "creation_timestamp": "2025-04-30T17:13:09.000000Z"}]}