
Andreafasolino

#50496 of 53,632
4.6 Total CVSS
Vulnerabilities · 1
PT-2024-34154
4.6
2024-10-30
I · I · CVE-2024-50344
Name of the Vulnerable Software and Affected Versions: I, Librarian versions prior to 5.11.2

Description: The issue arises from broken logic in the handling of Supplemental Files, which allows unsafe files containing JavaScript to be executed within the application context. An attacker can exploit this by uploading a malicious file, which is executed when it is loaded in the browser.

Recommendations: For versions prior to 5.11.2, update to version 5.11.2 to resolve the issue. As a temporary workaround, consider restricting the upload of supplementary files or disabling the viewing of such files in the browser until the update is applied.