Vulnerabilities > Openbiblio > Openbiblio > 0.5.1

DATE CVE VULNERABILITY TITLE RISK
2007-12-31 CVE-2007-6608 Cross-Site Scripting vulnerability in Openbiblio
Multiple cross-site scripting (XSS) vulnerabilities in OpenBiblio 0.5.2-pre4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) LAST and (2) FIRST parameters to admin/staff_del_confirm.php, (3) the name parameter to admin/theme_del_confirm.php, or (4) the themeName parameter to admin/theme_preview.php.
network
openbiblio CWE-79
4.3
4.3
2007-12-31 CVE-2007-6607 Information Exposure vulnerability in Openbiblio
OpenBiblio 0.5.2-pre4 and earlier allows remote attackers to obtain sensitive information via a direct request for (1) shared/footer.php, (2) circ/mbr_fields.php, or (3) admin/custom_marc_form_fields.php, which reveals the path in various error messages.
network
low complexity
openbiblio CWE-200
5.0
5.0
2007-03-03 CVE-2007-1261 Permissions, Privileges, and Access Controls vulnerability in Openbiblio
Unspecified vulnerability in the reports system in OpenBiblio before 0.6.0 allows attackers to gain privileges via unspecified vectors.
network
low complexity
openbiblio CWE-264
7.5
7.5