{"id":"CVE-2024-40500","details":"Cross Site Scripting vulnerability in Martin Kucej i-librarian v.5.11.0 and before allows a local attacker to execute arbitrary code via the search function in the import component.","modified":"2026-04-10T05:15:21.723638Z","published":"2024-08-12T17:15:17.153Z","references":[{"type":"ADVISORY","url":"https://nitipoom-jaroonchaipipat.github.io/security-research-portal/2024-40500"},{"type":"EVIDENCE","url":"https://nitipoom-jar.github.io/CVE-2024-40500/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mkucej/i-librarian-free","events":[{"introduced":"0"},{"last_affected":"079c84aba19f2485f1b65c2f54d6637f074d5cd8"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"5.11.0"}]}}],"versions":["5.0.2","5.0.3","5.0.4","5.0.5","5.0.6","5.0.7","5.0.8","5.1.0","5.10.1","5.10.3","5.10.4","5.11.0","5.2.0","5.2.1","5.2.2","5.2.3","5.3.0","5.4.0","5.5.0","5.6.0","5.6.1","5.7.0","5.7.1","5.7.2","5.8.0","5.9.0","5.9.1","5.9.2","5.9.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-40500.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}]}