I-Librarian: >> I, Librarian Security Vulnerabilities
I, Librarian 4.10 has XSS via the notes.php notes parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-04-22
I, Librarian 4.10 has XSS via the export.php export_files parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-04-22
Cross-site scripting (XSS) vulnerability in display.php in I, Librarian 4.10 allows remote attackers to inject arbitrary web script or HTML via the project parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-04-20
I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154 of importmetadata.php(simplexml_load_string) that can result in an attacker reading the contents of a file and SSRF. This attack appear to be exploitable via posting xml in the Parameter form_import_textarea.
CVSS Score
10.0
EPSS Score
0.004
Published
2018-03-13