Cross Site Scripting vulnerability in Martin Kucej i-librarian v.5.11.0 and before allows a local attacker to execute arbitrary code via the search function in the import component.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Mon, 29 Sep 2025 14:45:00 +0000


Wed, 21 Aug 2024 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Scilico
Scilico i-librarian
CPEs cpe:2.3:a:scilico:i-librarian:*:*:*:*:*:*:*:*
Vendors & Products Scilico
Scilico i-librarian

Mon, 12 Aug 2024 18:30:00 +0000

Type Values Removed Values Added
First Time appeared I-librarian
I-librarian i-librarian
Weaknesses CWE-79
CPEs cpe:2.3:a:i-librarian:i-librarian:*:*:*:*:*:*:*:*
Vendors & Products I-librarian
I-librarian i-librarian
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 12 Aug 2024 16:45:00 +0000

Type Values Removed Values Added
Description Cross Site Scripting vulnerability in Martin Kucej i-librarian v.5.11.0 and before allows a local attacker to execute arbitrary code via the search function in the import component.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2025-09-29T14:19:24.311Z

Reserved: 2024-07-05T00:00:00.000Z

Link: CVE-2024-40500

cve-icon Vulnrichment

Updated: 2024-08-12T17:43:51.387Z

cve-icon NVD

Status : Modified

Published: 2024-08-12T17:15:17.153

Modified: 2025-09-29T15:16:06.530

Link: CVE-2024-40500

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.