Lucene search

I, Librarian Security Vulnerabilities

cve

CVE-2018-1000124

I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154 of importmetadata.php(simplexml_load_string) that can result in an attacker reading the contents of a file and SSRF. This attack appear to be exploitable via posting xml in the Parameter f...

10CVSS

9.2AI Score

0.007EPSS

2018-03-13 09:29 PM

cve

CVE-2019-11359

Cross-site scripting (XSS) vulnerability in display.php in I, Librarian 4.10 allows remote attackers to inject arbitrary web script or HTML via the project parameter.

6.1CVSS

6AI Score

0.001EPSS

2019-04-20 12:29 AM

cve

CVE-2019-11428

I, Librarian 4.10 has XSS via the export.php export_files parameter.

6.1CVSS

5.9AI Score

0.001EPSS

2019-04-22 11:29 AM

cve

CVE-2019-11449

I, Librarian 4.10 has XSS via the notes.php notes parameter.

6.1CVSS

5.9AI Score

0.001EPSS

2019-04-22 02:29 PM