Scilico: >> I, Librarian >> 4.9 Security Vulnerabilities
Cross Site Scripting vulnerability in Martin Kucej i-librarian v.5.11.0 and before allows a local attacker to execute arbitrary code via the search function in the import component.
CVSS Score
8.6
EPSS Score
0.015
Published
2024-08-12
Cross-site Scripting (XSS) - Stored in GitHub repository mkucej/i-librarian-free prior to 5.10.4.
CVSS Score
4.1
EPSS Score
0.0
Published
2023-05-31
I, Librarian version 4.9 and earlier contains an Incorrect Access Control vulnerability in ajaxdiscussion.php that can result in any users gaining unauthorized access (read, write and delete) to project discussions.
CVSS Score
9.1
EPSS Score
0.003
Published
2018-03-23