Scilico I, Librarian

14 CVEs affecting Scilico I, Librarian. Latest disclosed: 2024-08-12. Critical: 5, High: 2.

Top CVEs affecting Scilico I, Librarian
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2018-1000124 | Critical | 10.0 | 2018-03-13 | I Librarian I-librarian version 4.8 and earlier contains an XML External Entity (XXE) vulnerability in line 154 of importmetadata.php (simplexml_load_string) tha… |
| CVE-2017-1000237 | Critical | 9.8 | 2017-11-17 | I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request Forgery in the ajaxsupplement.php resulting in the attacker being able to reset any user'… |
| CVE-2017-1000235 | Critical | 9.8 | 2017-11-17 | I, Librarian version <=4.6 & 4.7 is vulnerable to OS Command Injection in batchimport.php resulting in the web server being fully compromised. |
| CVE-2018-1000141 | Critical | 9.1 | 2018-03-23 | I, Librarian version 4.9 and earlier contains an Incorrect Access Control vulnerability in ajaxdiscussion.php that can result in any users gaining unauthorized… |
| CVE-2018-1000138 | Critical | 9.1 | 2018-03-23 | I, Librarian version 4.8 and earlier contains an SSRF vulnerability in "url" parameter of getFromWeb in functions.php that can result in the attacker abusing fu… |
| CVE-2018-1000137 | High | 8.8 | 2018-03-23 | I, Librarian version 4.8 and earlier contains a Cross-Site Request Forgery (CSRF) vulnerability in users.php that can result in the password of the admin being… |
| CVE-2024-40500 | High | 8.6 | 2024-08-12 | Cross Site Scripting vulnerability in Martin Kucej i-librarian v.5.11.0 and before allows a local attacker to execute arbitrary code via the search function in… |
| CVE-2019-11449 | Medium | 6.1 | 2019-04-22 | I, Librarian 4.10 has XSS via the notes.php notes parameter. |
| CVE-2019-11428 | Medium | 6.1 | 2019-04-22 | I, Librarian 4.10 has XSS via the export.php export_files parameter. |
| CVE-2019-11359 | Medium | 6.1 | 2019-04-20 | Cross-site scripting (XSS) vulnerability in display.php in I, Librarian 4.10 allows remote attackers to inject arbitrary web script or HTML via the project par… |
| CVE-2018-1000139 | Medium | 6.1 | 2018-03-23 | I, Librarian version 4.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in "id" parameter in stable.php that can result in an attacker using t… |
| CVE-2017-1000236 | Medium | 6.1 | 2017-11-17 | I, Librarian version <=4.6 & 4.7 is vulnerable to Reflected Cross-Site Scripting in the temp.php resulting in an attacker being able to inject malicious client… |
| CVE-2023-3021 | Medium | 5.4 | 2023-05-31 | Cross-site Scripting (XSS) - Stored in GitHub repository mkucej/i-librarian-free prior to 5.10.4. |
| CVE-2017-1000234 | Medium | 5.3 | 2017-11-17 | I, Librarian version <=4.6 & 4.7 is vulnerable to Directory Enumeration in the jqueryFileTree.php resulting in attacker enumerating directories simply by navig… |