I, Librarian version 4.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in "id" parameter in stable.php that can result in an attacker using the XSS to send a malicious script to an unsuspecting user.
References
Link | Resource |
---|---|
https://github.com/mkucej/i-librarian/issues/119 | Exploit Third Party Advisory |
https://github.com/mkucej/i-librarian/blob/9535753a84bc615b210802d4c9542db73368d984/stable.php#L8 | Exploit Third Party Advisory |
Configurations
Information
Published : 2018-03-23 14:29
Updated : 2018-04-13 06:14
NVD link : CVE-2018-1000139
Mitre link : CVE-2018-1000139
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
i-librarian
- i_librarian