VYPR
Vendor

Mkucej

Products
1
CVEs
17
Across products
17
Status
Private

Products

1

Recent CVEs

17
  • CVE-2018-1000124CriMar 13, 2018
    risk 0.65cvss 10.0epss 0.02

    I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154 of importmetadata.php(simplexml_load_string) that can result in an attacker reading the contents of a file and SSRF. This attack appear to be exploitable via posting…

  • CVE-2017-1000237CriNov 17, 2017
    risk 0.64cvss 9.8epss 0.02

    I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request Forgery in the ajaxsupplement.php resulting in the attacker being able to reset any user's password.

  • CVE-2017-1000235CriNov 17, 2017
    risk 0.64cvss 9.8epss 0.03

    I, Librarian version <=4.6 & 4.7 is vulnerable to OS Command Injection in batchimport.php resulting the web server being fully compromised.

  • CVE-2018-1000141CriMar 23, 2018
    risk 0.59cvss 9.1epss 0.01

    I, Librarian version 4.9 and earlier contains an Incorrect Access Control vulnerability in ajaxdiscussion.php that can result in any users gaining unauthorized access (read, write and delete) to project discussions.

  • CVE-2018-1000138CriMar 23, 2018
    risk 0.59cvss 9.1epss 0.02

    I, Librarian version 4.8 and earlier contains a SSRF vulnerability in "url" parameter of getFromWeb in functions.php that can result in the attacker abusing functionality on the server to read or update internal resources.

  • CVE-2018-1000137HigMar 23, 2018
    risk 0.57cvss 8.8epss 0.01

    I, Librarian version 4.8 and earlier contains a Cross site Request Forgery (CSRF) vulnerability in users.php that can result in the password of the admin being forced to be changed without the administrator's knowledge.

  • CVE-2024-54819CriJan 7, 2025
    risk 0.54cvss 9.1epss 0.18

    I, Librarian before and including 5.11.1 is vulnerable to Server-Side Request Forgery (SSRF) due to improper input validation in classes/security/validation.php

  • CVE-2019-11449MedApr 22, 2019
    risk 0.40cvss 6.1epss 0.01

    I, Librarian 4.10 has XSS via the notes.php notes parameter.

  • CVE-2019-11428MedApr 22, 2019
    risk 0.40cvss 6.1epss 0.01

    I, Librarian 4.10 has XSS via the export.php export_files parameter.

  • CVE-2019-11359MedApr 20, 2019
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in display.php in I, Librarian 4.10 allows remote attackers to inject arbitrary web script or HTML via the project parameter.

  • CVE-2018-1000139MedMar 23, 2018
    risk 0.40cvss 6.1epss 0.01

    I, Librarian version 4.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in "id" parameter in stable.php that can result in an attacker using the XSS to send a malicious script to an unsuspecting user.

  • CVE-2017-1000236MedNov 17, 2017
    risk 0.40cvss 6.1epss 0.01

    I, Librarian version <=4.6 & 4.7 is vulnerable to Reflected Cross-Site Scripting in the temp.php resulting in an attacker being able to inject malicious client side scripting which will be executed in the browser of users if they visit the manipulated site.

  • CVE-2017-1000234MedNov 17, 2017
    risk 0.35cvss 5.3epss 0.01

    I, Librarian version <=4.6 & 4.7 is vulnerable to Directory Enumeration in the jqueryFileTree.php resulting in attacker enumerating directories simply by navigating through the "dir" parameter

  • CVE-2024-50344MedOct 30, 2024
    risk 0.23cvss 4.6epss 0.00

    I, Librarian is an open-source version of a PDF managing SaaS. Supplemental Files are allowed to be viewed in the browser, only if they have a white-listed MIME type. Unfortunately, this logic is broken, thus allowing unsafe files containing Javascript to be executed with the…

  • CVE-2024-41943MedJul 30, 2024
    risk 0.23cvss 4.6epss 0.00

    I, Librarian is an open-source version of a PDF managing SaaS. PDF notes are displayed on the Item Summary page without any form of validation or sanitation. An attacker can exploit this vulnerability by inserting a payload in the PDF notes that contains malicious code or…

  • CVE-2023-3021MedMay 31, 2023
    risk 0.00cvss 5.4epss 0.00

    Cross-site Scripting (XSS) - Stored in GitHub repository mkucej/i-librarian-free prior to 5.10.4.

  • CVE-2023-3020MedMay 31, 2023
    risk 0.00cvss 6.1epss 0.01

    Cross-site Scripting (XSS) - Reflected in GitHub repository mkucej/i-librarian-free prior to 5.10.4.