Filtered by vendor I-librarian
Subscriptions
Filtered by product I\, Librarian
Subscriptions
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-1000124 | 1 I-librarian | 1 I\, Librarian | 2024-09-17 | N/A |
| I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154 of importmetadata.php(simplexml_load_string) that can result in an attacker reading the contents of a file and SSRF. This attack appear to be exploitable via posting xml in the Parameter form_import_textarea. | ||||
| CVE-2019-11449 | 1 I-librarian | 1 I\, Librarian | 2024-08-04 | N/A |
| I, Librarian 4.10 has XSS via the notes.php notes parameter. | ||||
| CVE-2019-11428 | 1 I-librarian | 1 I\, Librarian | 2024-08-04 | N/A |
| I, Librarian 4.10 has XSS via the export.php export_files parameter. | ||||
| CVE-2019-11359 | 1 I-librarian | 1 I\, Librarian | 2024-08-04 | N/A |
| Cross-site scripting (XSS) vulnerability in display.php in I, Librarian 4.10 allows remote attackers to inject arbitrary web script or HTML via the project parameter. | ||||
Page 1 of 1.