RSS   Podatności dla 'I, librarian'   RSS

2019-04-22
 
CVE-2019-11449

CWE-79
 

 
I, Librarian 4.10 has XSS via the notes.php notes parameter.

 
 
CVE-2019-11428

CWE-79
 

 
I, Librarian 4.10 has XSS via the export.php export_files parameter.

 
2019-04-19
 
CVE-2019-11359

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in display.php in I, Librarian 4.10 allows remote attackers to inject arbitrary web script or HTML via the project parameter.

 
2018-03-13
 
CVE-2018-1000124

CWE-918
 

 
I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154 of importmetadata.php(simplexml_load_string) that can result in an attacker reading the contents of a file and SSRF. This attack appear to be exploitable via posting xml in the Parameter form_import_textarea.

 

 >>> Vendor: I-librarian 2 Produkty
I librarian
I, librarian


Copyright 2024, cxsecurity.com

 

Back to Top