CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25288
https://notcve.org/view.php?id=CVE-2024-25288
21 Feb 2024 — SLIMS (Senayan Library Management Systems) 9 Bulian v9.6.1 is vulnerable to SQL Injection via pop-scope-vocabolary.php. SLIMS (Senayan Library Management Systems) 9 Bulian v9.6.1 es vulnerable a la inyección SQL a través de pop-scope-vocabolary.php. • https://github.com/Vuln0wned/slims_owned/blob/main/slims/slims9-bulian-9.6.1-SQLI-pop_scope_vocabolary.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-24086
https://notcve.org/view.php?id=CVE-2023-24086
13 Feb 2023 — SLIMS v9.5.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /customs/loan_by_class.php?reportView. • https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/slims.web.id/SLIMS-9.5.2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-12657
https://notcve.org/view.php?id=CVE-2018-12657
22 Jun 2018 — Reflected Cross-Site Scripting (XSS) exists in the Master File module in SLiMS 8 Akasia 8.3.1 via an admin/modules/master_file/rda_cmc.php?keywords= URI. Existe Cross-Site Scripting (XSS) reflejado en el módulo Master File en SLiMS 8 Akasia 8.3.1 mediante un URI admin/modules/master_file/rda_cmc.php?keywords=. • https://github.com/slims/slims8_akasia/issues/101 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-12655
https://notcve.org/view.php?id=CVE-2018-12655
22 Jun 2018 — Reflected Cross-Site Scripting (XSS) exists in the Circulation module in SLiMS 8 Akasia 8.3.1 via an admin/modules/circulation/loan_rules.php?keywords= URI, a related issue to CVE-2017-7242. Existe Cross-Site Scripting (XSS) reflejado en el módulo Circulation en SLiMS 8 Akasia 8.3.1 mediante un URI admin/modules/circulation/loan_rules.php?keywords=. Este problema está relacionado con CVE-2017-7242. • https://github.com/slims/slims8_akasia/issues/99 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-12659
https://notcve.org/view.php?id=CVE-2018-12659
22 Jun 2018 — SLiMS 8 Akasia 8.3.1 allows remote attackers to bypass the CSRF protection mechanism and obtain admin access by omitting the csrf_token parameter. SLiMS 8 Akasia 8.3.1 permite que atacantes remotos omitan el mecanismo de protección CSRF y obtengan acceso eludiendo el parámetro csrf_token. • https://github.com/slims/slims8_akasia/issues/103 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-12656
https://notcve.org/view.php?id=CVE-2018-12656
22 Jun 2018 — Reflected Cross-Site Scripting (XSS) exists in the Membership module in SLiMS 8 Akasia 8.3.1 via an admin/modules/membership/index.php?keywords= URI. Existe Cross-Site Scripting (XSS) reflejado en el módulo Membership en SLiMS 8 Akasia 8.3.1 mediante un URI admin/modules/membership/index.php?keywords=. • https://github.com/slims/slims8_akasia/issues/100 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-12654
https://notcve.org/view.php?id=CVE-2018-12654
22 Jun 2018 — Reflected Cross-Site Scripting (XSS) exists in the Bibliography module in SLiMS 8 Akasia 8.3.1 via an admin/modules/bibliography/index.php?keywords= URI. Existe Cross-Site Scripting (XSS) reflejado en el módulo Bibliography en SLiMS 8 Akasia 8.3.1 mediante un URI admin/modules/bibliography/index.php?keywords=. • https://github.com/slims/slims8_akasia/issues/98 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-12658
https://notcve.org/view.php?id=CVE-2018-12658
22 Jun 2018 — Reflected Cross-Site Scripting (XSS) exists in the Stock Take module in SLiMS 8 Akasia 8.3.1 via an admin/modules/stock_take/index.php?keywords= URI. Existe Cross-Site Scripting (XSS) reflejado en el módulo Stock Take en SLiMS 8 Akasia 8.3.1 mediante un URI admin/modules/stock_take/index.php?keywords=. • https://github.com/slims/slims8_akasia/issues/102 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •