Vulnerabilities (CVE)

Filtered by vendor I-librarian Subscribe
Filtered by product I\, Librarian
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-11449 1 I-librarian 1 I\, Librarian 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
I, Librarian 4.10 has XSS via the notes.php notes parameter.
CVE-2019-11428 1 I-librarian 1 I\, Librarian 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
I, Librarian 4.10 has XSS via the export.php export_files parameter.
CVE-2019-11359 1 I-librarian 1 I\, Librarian 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in display.php in I, Librarian 4.10 allows remote attackers to inject arbitrary web script or HTML via the project parameter.
CVE-2018-1000124 1 I-librarian 1 I\, Librarian 2024-11-21 7.5 HIGH 10.0 CRITICAL
I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154 of importmetadata.php(simplexml_load_string) that can result in an attacker reading the contents of a file and SSRF. This attack appear to be exploitable via posting xml in the Parameter form_import_textarea.