I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154 of importmetadata.php(simplexml_load_string) that can result in an attacker reading the contents of a file and SSRF. This attack appear to be exploitable via posting xml in the Parameter f...
10CVSS
9.2AI Score
0.007EPSS
Cross-site scripting (XSS) vulnerability in display.php in I, Librarian 4.10 allows remote attackers to inject arbitrary web script or HTML via the project parameter.
6.1CVSS
6AI Score
0.001EPSS
6.1CVSS
5.9AI Score
0.001EPSS
6.1CVSS
5.9AI Score
0.001EPSS