Scilico I, Librarian
14 CVEs affecting Scilico I\,_librarian. Latest disclosed: 2024-08-12. Critical: 5, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2018-1000124 | Critical | 10.0 | 2018-03-13 | I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154 of importmetadata.php(simplexml_load_string) tha… |
| CVE-2017-1000237 | Critical | 9.8 | 2017-11-17 | I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request Forgery in the ajaxsupplement.php resulting in the attacker being able to reset any user'… |
| CVE-2017-1000235 | Critical | 9.8 | 2017-11-17 | I, Librarian version <=4.6 & 4.7 is vulnerable to OS Command Injection in batchimport.php resulting in the web server being fully compromised. |
| CVE-2018-1000141 | Critical | 9.1 | 2018-03-23 | I, Librarian version 4.9 and earlier contains an Incorrect Access Control vulnerability in ajaxdiscussion.php that can result in any users gaining unauthorized… |
| CVE-2018-1000138 | Critical | 9.1 | 2018-03-23 | I, Librarian version 4.8 and earlier contains a SSRF vulnerability in "url" parameter of getFromWeb in functions.php that can result in the attacker abusing fu… |
| CVE-2018-1000137 | High | 8.8 | 2018-03-23 | I, Librarian version 4.8 and earlier contains a Cross site Request Forgery (CSRF) vulnerability in users.php that can result in the password of the admin being… |
| CVE-2024-40500 | High | 8.6 | 2024-08-12 | Cross Site Scripting vulnerability in Martin Kucej i-librarian v.5.11.0 and before allows a local attacker to execute arbitrary code via the search function in… |
| CVE-2019-11449 | Medium | 6.1 | 2019-04-22 | I, Librarian 4.10 has XSS via the notes.php notes parameter. |
| CVE-2019-11428 | Medium | 6.1 | 2019-04-22 | I, Librarian 4.10 has XSS via the export.php export_files parameter. |
| CVE-2019-11359 | Medium | 6.1 | 2019-04-20 | Cross-site scripting (XSS) vulnerability in display.php in I, Librarian 4.10 allows remote attackers to inject arbitrary web script or HTML via the project par… |
| CVE-2018-1000139 | Medium | 6.1 | 2018-03-23 | I, Librarian version 4.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in "id" parameter in stable.php that can result in an attacker using t… |
| CVE-2017-1000236 | Medium | 6.1 | 2017-11-17 | I, Librarian version <=4.6 & 4.7 is vulnerable to Reflected Cross-Site Scripting in the temp.php resulting in an attacker being able to inject malicious client… |
| CVE-2023-3021 | Medium | 5.4 | 2023-05-31 | Cross-site Scripting (XSS) - Stored in GitHub repository mkucej/i-librarian-free prior to 5.10.4. |
| CVE-2017-1000234 | Medium | 5.3 | 2017-11-17 | I, Librarian version <=4.6 & 4.7 is vulnerable to Directory Enumeration in the jqueryFileTree.php resulting in attacker enumerating directories simply by navig… |