Vulnerabilities > I Librarian

DATE	CVE	VULNERABILITY TITLE	RISK
2023-01-31	CVE-2022-47854	Unrestricted Upload of File with Dangerous Type vulnerability in I-Librarian 4.10 i-librarian 4.10 is vulnerable to Arbitrary file upload in ajaxsupplement.php. network low complexity i-librarian CWE-434 critical	9.8
2019-04-22	CVE-2019-11449	Cross-site Scripting vulnerability in I-Librarian I, Librarian 4.10 I, Librarian 4.10 has XSS via the notes.php notes parameter. network low complexity i-librarian CWE-79	6.1
2019-04-22	CVE-2019-11428	Cross-site Scripting vulnerability in I-Librarian I, Librarian 4.10 I, Librarian 4.10 has XSS via the export.php export_files parameter. network low complexity i-librarian CWE-79	6.1
2019-04-20	CVE-2019-11359	Cross-site Scripting vulnerability in I-Librarian I, Librarian 4.10 Cross-site scripting (XSS) vulnerability in display.php in I, Librarian 4.10 allows remote attackers to inject arbitrary web script or HTML via the project parameter. network low complexity i-librarian CWE-79	6.1
2018-03-23	CVE-2018-1000141	Improper Privilege Management vulnerability in I-Librarian I Librarian I, Librarian version 4.9 and earlier contains an Incorrect Access Control vulnerability in ajaxdiscussion.php that can result in any users gaining unauthorized access (read, write and delete) to project discussions. network low complexity i-librarian CWE-269 critical	9.1
2018-03-23	CVE-2018-1000139	Cross-site Scripting vulnerability in I-Librarian I Librarian I, Librarian version 4.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in "id" parameter in stable.php that can result in an attacker using the XSS to send a malicious script to an unsuspecting user. network low complexity i-librarian CWE-79	6.1
2018-03-23	CVE-2018-1000138	Server-Side Request Forgery (SSRF) vulnerability in I-Librarian I Librarian I, Librarian version 4.8 and earlier contains a SSRF vulnerability in "url" parameter of getFromWeb in functions.php that can result in the attacker abusing functionality on the server to read or update internal resources. network low complexity i-librarian CWE-918 critical	9.1
2018-03-23	CVE-2018-1000137	Cross-Site Request Forgery (CSRF) vulnerability in I-Librarian I Librarian I, Librarian version 4.8 and earlier contains a Cross site Request Forgery (CSRF) vulnerability in users.php that can result in the password of the admin being forced to be changed without the administrator's knowledge. network low complexity i-librarian CWE-352	8.8
2018-03-13	CVE-2018-1000124	Server-Side Request Forgery (SSRF) vulnerability in I-Librarian I, Librarian I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154 of importmetadata.php(simplexml_load_string) that can result in an attacker reading the contents of a file and SSRF. network low complexity i-librarian CWE-918 critical	10.0
2017-11-17	CVE-2017-1000237	Server-Side Request Forgery (SSRF) vulnerability in I-Librarian I Librarian I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request Forgery in the ajaxsupplement.php resulting in the attacker being able to reset any user's password. network low complexity i-librarian CWE-918 critical	9.8

Vulnerabilities > I Librarian {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"I Librarian"}]}

Vulnerabilities > I Librarian