Product detail

Affected product: I-Librarian
Affected version: 5.11.0
Affected components: '/librarian/index.php/arxiv/search', '/librarian/index.php/#pubmed/search' and '/librarian/index.php/#pmc/search' etc.

Multiple cross-site scripting (XSS) vulnerabilities in '/librarian/index.php/arxiv/search', '/librarian/index.php/#pubmed/search' and '/librarian/index.php/#pmc/search', reached through the search function in Martin Kucej i-librarian v5.11.0 and earlier, allow a local attacker to execute XSS.
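As an added illustration of the bug class described above (reflected XSS through a search parameter in a PHP application), not code taken from I-Librarian: the fragment below shows a search page that reflects the query unencoded beside the encoded form. The parameter name `q`, the markup and the CSP value are assumptions.

```php
<?php
// Added illustration, not I-Librarian's code. The parameter name "q" and the
// page layout are hypothetical; the point is where the reflection happens.

/**
 * Encode a value for insertion into an HTML text node or a quoted attribute.
 * ENT_QUOTES escapes both quote styles, so the same helper is safe inside
 * value="..." as well as between tags.
 */
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

$query = $_GET['q'] ?? '';

// Vulnerable pattern: the raw query is concatenated into markup, so any tag
// or event handler in the search term is parsed and run by the browser.
// echo '<h2>Results for ' . $query . '</h2>';

// Hardened pattern: declare the charset, encode at every output point, and
// add a CSP without 'unsafe-inline' to limit impact if one reflection is missed.
header('Content-Type: text/html; charset=UTF-8');
header("Content-Security-Policy: default-src 'self'");
?>
<h2>Results for <?= html_escape($query) ?></h2>
<form method="get">
  <input type="text" name="q" value="<?= html_escape($query) ?>">
  <button type="submit">Search</button>
</form>
```

A quick check is to submit a search term containing `<` and `"` and confirm the response shows `&lt;` and `&quot;` in the page source at both reflection points.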


Prerequisite

Install I-Librarian from the official I-Librarian GitHub repository.


Installed I-Librarian version: 5.11.0



Exploitation

XSS payload in search function



XSS executed successfully.