Total
4 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-11449 | 1 I-librarian | 1 I\, Librarian | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
I, Librarian 4.10 has XSS via the notes.php notes parameter. | |||||
CVE-2019-11428 | 1 I-librarian | 1 I\, Librarian | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
I, Librarian 4.10 has XSS via the export.php export_files parameter. | |||||
CVE-2019-11359 | 1 I-librarian | 1 I\, Librarian | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in display.php in I, Librarian 4.10 allows remote attackers to inject arbitrary web script or HTML via the project parameter. | |||||
CVE-2018-1000124 | 1 I-librarian | 1 I\, Librarian | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154 of importmetadata.php(simplexml_load_string) that can result in an attacker reading the contents of a file and SSRF. This attack appear to be exploitable via posting xml in the Parameter form_import_textarea. |