
CVE-2018-12655
https://notcve.org/view.php?id=CVE-2018-12655
22 Jun 2018 — Reflected Cross-Site Scripting (XSS) exists in the Circulation module in SLiMS 8 Akasia 8.3.1 via an admin/modules/circulation/loan_rules.php?keywords= URI, a related issue to CVE-2017-7242.
Reference: https://github.com/slims/slims8_akasia/issues/99
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2018-12659
https://notcve.org/view.php?id=CVE-2018-12659
22 Jun 2018 — SLiMS 8 Akasia 8.3.1 allows remote attackers to bypass the CSRF protection mechanism and obtain admin access by omitting the csrf_token parameter.
Reference: https://github.com/slims/slims8_akasia/issues/103
CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2018-12656
https://notcve.org/view.php?id=CVE-2018-12656
22 Jun 2018 — Reflected Cross-Site Scripting (XSS) exists in the Membership module in SLiMS 8 Akasia 8.3.1 via an admin/modules/membership/index.php?keywords= URI.
Reference: https://github.com/slims/slims8_akasia/issues/100
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2018-12654
https://notcve.org/view.php?id=CVE-2018-12654
22 Jun 2018 — Reflected Cross-Site Scripting (XSS) exists in the Bibliography module in SLiMS 8 Akasia 8.3.1 via an admin/modules/bibliography/index.php?keywords= URI.
Reference: https://github.com/slims/slims8_akasia/issues/98
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2018-12658
https://notcve.org/view.php?id=CVE-2018-12658
22 Jun 2018 — Reflected Cross-Site Scripting (XSS) exists in the Stock Take module in SLiMS 8 Akasia 8.3.1 via an admin/modules/stock_take/index.php?keywords= URI.
Reference: https://github.com/slims/slims8_akasia/issues/102
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2017-12585
https://notcve.org/view.php?id=CVE-2017-12585
06 Aug 2017 — SLiMS 8 Akasia through 8.3.1 has SQL injection in admin/AJAX_lookup_handler.php (tableName and tableFields parameters), admin/AJAX_check_id.php, and admin/AJAX_vocabolary_control.php. It can be exploited by remote authenticated librarian users.
Reference: https://github.com/slims/slims8_akasia/issues/47
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2017-12584
https://notcve.org/view.php?id=CVE-2017-12584
06 Aug 2017 — There is no CSRF mitigation in SLiMS 8 Akasia through 8.3.1. Also, an entire user profile (including the password) can be updated without sending the current password. This allows remote attackers to trick a user into changing to an attacker-controlled password, a complete account takeover, via the passwd1 and passwd2 fields in an admin/modules/system/app_user.php changecurrent=true operation.
Reference: https://github.com/slims/slims8_akasia/issues/49
CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2017-12586
https://notcve.org/view.php?id=CVE-2017-12586
06 Aug 2017 — SLiMS 8 Akasia through 8.3.1 has an arbitrary file reading issue because of directory traversal in the url parameter to admin/help.php. It can be exploited by remote authenticated librarian users.
Reference: https://github.com/slims/slims8_akasia/issues/48
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2017-7242
https://notcve.org/view.php?id=CVE-2017-7242
23 Mar 2017 — Multiple Cross-Site Scripting (XSS) vulnerabilities were discovered in admin/modules components in SLiMS 7 Cendana through 2017-03-23: the keywords parameter to bibliography/checkout_item.php, bibliography/dl_print.php, bibliography/item.php, bibliography/item_barcode_generator.php, bibliography/printed_card.php, circulation/loan_rules.php, master_file/author.php, master_file/coll_type.php, and master_file/doc_language.php, and the quickReturnID field to circulation/ajax_action.php.
Reference: http://www.daimacn.com/post/10.html
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2017-7202
https://notcve.org/view.php?id=CVE-2017-7202
21 Mar 2017 — Multiple Cross-Site Scripting (XSS) vulnerabilities were discovered in SLiMS 7 Cendana before 2017-03-16. The vulnerabilities exist due to insufficient filtering of user-supplied data (id) passed to the 'slims7_cendana-master/template/default/detail_template.php' and 'slims7_cendana-master/template/default-rtl/detail_template.php' URLs. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
Reference: http://www.securityfocus.com/bid/97004
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')