Cross Site Scripting vulnerability in Martin Kucej i-librarian v.5.11.0 and before allows a local attacker to execute arbitrary code via the search function in the import component.
oryginał ENCVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HScilico I\, Librarian
APPScilico≤ 5.11.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCEXSS
Powiązane podatności
CVE-2018-1000141CRITICAL9.1ten sam produkt
I, Librarian version 4.9 and earlier contains an Incorrect Access Control vulnerability in ajaxdiscussion.php ...
CVE-2018-1000138CRITICAL9.1ten sam produkt
I, Librarian version 4.8 and earlier contains a SSRF vulnerability in "url" parameter of getFromWeb in functio...
CVE-2018-1000124CRITICAL10.0ten sam produkt
I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154...
CVE-2017-1000237CRITICAL9.8ten sam produkt
I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request Forgery in the ajaxsupplement.php result...
CVE-2017-1000235CRITICAL9.8ten sam produkt
I, Librarian version <=4.6 & 4.7 is vulnerable to OS Command Injection in batchimport.php resulting the web se...