Every CVE whose affected-product data names Scilico I, Librarian, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (14)
CVE-2018-1000124 — CVSS 10.0 (critical): I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154 of importmetadata.php(simplex…
CVE-2017-1000235 — CVSS 9.8 (critical): I, Librarian version <=4.6 & 4.7 is vulnerable to OS Command Injection in batchimport.php resulting the web server being fully compromised.
CVE-2017-1000237 — CVSS 9.8 (critical): I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request Forgery in the ajaxsupplement.php resulting in the attacker being…
CVE-2018-1000141 — CVSS 9.1 (critical): I, Librarian version 4.9 and earlier contains an Incorrect Access Control vulnerability in ajaxdiscussion.php that can result in any users…
CVE-2018-1000138 — CVSS 9.1 (critical): I, Librarian version 4.8 and earlier contains a SSRF vulnerability in "url" parameter of getFromWeb in functions.php that can result in the…
CVE-2018-1000137 — CVSS 8.8 (high): I, Librarian version 4.8 and earlier contains a Cross site Request Forgery (CSRF) vulnerability in users.php that can result in the…
CVE-2024-40500 — CVSS 8.6 (high): Cross Site Scripting vulnerability in Martin Kucej i-librarian v.5.11.0 and before allows a local attacker to execute arbitrary code via…
CVE-2018-1000139 — CVSS 6.1 (medium): I, Librarian version 4.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in "id" parameter in stable.php that can result in…
CVE-2017-1000236 — CVSS 6.1 (medium): I, Librarian version <=4.6 & 4.7 is vulnerable to Reflected Cross-Site Scripting in the temp.php resulting in an attacker being able to…
CVE-2019-11359 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in display.php in I, Librarian 4.10 allows remote attackers to inject arbitrary web script or HTML…
CVE-2023-3021 — CVSS 5.4 (medium): Cross-site Scripting (XSS) - Stored in GitHub repository mkucej/i-librarian-free prior to 5.10.4.
CVE-2017-1000234 — CVSS 5.3 (medium): I, Librarian version <=4.6 & 4.7 is vulnerable to Directory Enumeration in the jqueryFileTree.php resulting in attacker enumerating…