Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

i\,_librarian

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

6
Related CVEsRelated VendorsRelated AssignersReports
6Vulnerabilities found
CVE-2023-3020
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-9||CRITICAL
EPSS-0.09% / 25.93%
||
7 Day CHG~0.00%
Published-31 May, 2023 | 00:00
Updated-09 Jan, 2025 | 21:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-site Scripting (XSS) - Reflected in mkucej/i-librarian-free

Cross-site Scripting (XSS) - Reflected in GitHub repository mkucej/i-librarian-free prior to 5.10.4.

Action-Not Available
Vendor-scilicotmkucej
Product-i\,_librarianmkucej/i-librarian-free
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-3021
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.1||MEDIUM
EPSS-0.04% / 12.44%
||
7 Day CHG~0.00%
Published-31 May, 2023 | 00:00
Updated-09 Jan, 2025 | 21:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-site Scripting (XSS) - Stored in mkucej/i-librarian-free

Cross-site Scripting (XSS) - Stored in GitHub repository mkucej/i-librarian-free prior to 5.10.4.

Action-Not Available
Vendor-scilicomkucej
Product-i\,_librarianmkucej/i-librarian-free
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-11449
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 47.18%
||
7 Day CHG~0.00%
Published-22 Apr, 2019 | 13:51
Updated-04 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

I, Librarian 4.10 has XSS via the notes.php notes parameter.

Action-Not Available
Vendor-i-librariann/a
Product-i\,_librariann/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-11428
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 47.18%
||
7 Day CHG~0.00%
Published-21 Apr, 2019 | 22:06
Updated-04 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

I, Librarian 4.10 has XSS via the export.php export_files parameter.

Action-Not Available
Vendor-i-librariann/a
Product-i\,_librariann/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-11359
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.22% / 44.97%
||
7 Day CHG~0.00%
Published-19 Apr, 2019 | 23:59
Updated-04 Aug, 2024 | 22:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in display.php in I, Librarian 4.10 allows remote attackers to inject arbitrary web script or HTML via the project parameter.

Action-Not Available
Vendor-i-librariann/a
Product-i\,_librariann/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-1000124
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-10||CRITICAL
EPSS-0.41% / 60.77%
||
7 Day CHG~0.00%
Published-13 Mar, 2018 | 21:00
Updated-17 Sep, 2024 | 02:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154 of importmetadata.php(simplexml_load_string) that can result in an attacker reading the contents of a file and SSRF. This attack appear to be exploitable via posting xml in the Parameter form_import_textarea.

Action-Not Available
Vendor-i-librariann/a
Product-i\,_librariann/a
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)