Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

I-librarian Security Vulnerabilities

cve
cve

CVE-2022-47854

i-librarian 4.10 is vulnerable to Arbitrary file upload in...

9.8CVSS

9.3AI Score

0.003EPSS

2023-01-31 06:15 PM
19
cve
cve

CVE-2019-11449

I, Librarian 4.10 has XSS via the notes.php notes...

6.1CVSS

6.2AI Score

0.001EPSS

2019-04-22 02:29 PM
20
cve
cve

CVE-2019-11428

I, Librarian 4.10 has XSS via the export.php export_files...

6.1CVSS

6.2AI Score

0.001EPSS

2019-04-22 11:29 AM
19
cve
cve

CVE-2019-11359

Cross-site scripting (XSS) vulnerability in display.php in I, Librarian 4.10 allows remote attackers to inject arbitrary web script or HTML via the project...

6.1CVSS

6.3AI Score

0.001EPSS

2019-04-20 12:29 AM
18
cve
cve

CVE-2018-1000137

I, Librarian version 4.8 and earlier contains a Cross site Request Forgery (CSRF) vulnerability in users.php that can result in the password of the admin being forced to be changed without the administrator's...

8.8CVSS

7.6AI Score

0.001EPSS

2018-03-23 09:29 PM
21
cve
cve

CVE-2018-1000139

I, Librarian version 4.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in "id" parameter in stable.php that can result in an attacker using the XSS to send a malicious script to an unsuspecting...

6.1CVSS

5.6AI Score

0.001EPSS

2018-03-23 09:29 PM
23
cve
cve

CVE-2018-1000138

I, Librarian version 4.8 and earlier contains a SSRF vulnerability in "url" parameter of getFromWeb in functions.php that can result in the attacker abusing functionality on the server to read or update internal...

9.1CVSS

7.2AI Score

0.002EPSS

2018-03-23 09:29 PM
31
cve
cve

CVE-2018-1000141

I, Librarian version 4.9 and earlier contains an Incorrect Access Control vulnerability in ajaxdiscussion.php that can result in any users gaining unauthorized access (read, write and delete) to project...

9.1CVSS

7.4AI Score

0.002EPSS

2018-03-23 09:29 PM
23
cve
cve

CVE-2018-1000124

I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154 of importmetadata.php(simplexml_load_string) that can result in an attacker reading the contents of a file and SSRF. This attack appear to be exploitable via posting xml in the Parameter.....

10CVSS

7.2AI Score

0.003EPSS

2018-03-13 09:29 PM
24
cve
cve

CVE-2017-1000235

I, Librarian version <=4.6 & 4.7 is vulnerable to OS Command Injection in batchimport.php resulting the web server being fully...

9.8CVSS

7.9AI Score

0.004EPSS

2017-11-17 04:29 AM
32
cve
cve

CVE-2017-1000236

I, Librarian version <=4.6 & 4.7 is vulnerable to Reflected Cross-Site Scripting in the temp.php resulting in an attacker being able to inject malicious client side scripting which will be executed in the browser of users if they visit the manipulated...

6.1CVSS

6.2AI Score

0.001EPSS

2017-11-17 04:29 AM
27
cve
cve

CVE-2017-1000237

I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request Forgery in the ajaxsupplement.php resulting in the attacker being able to reset any user's...

9.8CVSS

7.4AI Score

0.003EPSS

2017-11-17 04:29 AM
29
cve
cve

CVE-2017-1000234

I, Librarian version <=4.6 & 4.7 is vulnerable to Directory Enumeration in the jqueryFileTree.php resulting in attacker enumerating directories simply by navigating through the "dir"...

5.3CVSS

7.3AI Score

0.001EPSS

2017-11-17 04:29 AM
25