CVE-2025-65858

EIP tracks 1 public exploit for CVE-2025-65858. PoCs published by KhanhDuy155.

AI-analyzed exploit summary This repository contains a detailed technical analysis of CVE-2025-65858, a stored XSS vulnerability in Calibre-Web. It includes root cause analysis, affected endpoints, steps to reproduce, and proof-of-concept payloads.

A Stored Cross-Site Scripting (XSS) vulnerability in Calibre-Web v0.6.25 allows attackers to inject malicious JavaScript into the 'username' field during user creation. The payload is stored unsanitized and later executed when the /ajax/listusers endpoint is accessed.