PT-2019-12314 · I · I
Teean
·
Published
2019-04-22
·
Updated
2025-12-10
·
CVE-2019-11449
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
I, Librarian version 4.10
Description
The issue is related to a security problem where an attacker can execute malicious scripts. This is achieved through the
notes parameter in the "notes.php" endpoint.Recommendations
For I, Librarian version 4.10, avoid using the
notes parameter in the "notes.php" endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the "notes.php" endpoint to minimize the risk of exploitation.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
I