Skip to main content

Library Automation System

7 CVEs product

Monthly

CVE-2025-15025 HIGH This Week

Authentication bypass in Yordam Library Automation System versions 21.6 through 22.0 enables remote attackers to impersonate legitimate users and gain unauthorized administrative access by manipulating user identifiers in requests. Attackers who successfully exploit this vulnerability can achieve full system compromise including reading sensitive library records, modifying catalog data, and disrupting availability. The vulnerability requires user interaction (likely social engineering or malicious link), but no authentication, making it accessible to external threat actors. TR-CERT has published an advisory confirming the issue affects Turkish government and educational institutions using this library management platform.

Authentication Bypass Library Automation System
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2021-45479 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation vulnerability in Yordam Information Technologies Library Automation System allows Stored XSS.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Library Automation System
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2021-45478 MEDIUM This Month

Improper Handling of Parameters vulnerability in Bordam Information Technologies Library Automation System allows Collect Data as Provided by Users.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Library Automation System
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2021-45477 MEDIUM This Month

Improper Handling of Parameters vulnerability in Bordam Information Technologies Library Automation System allows Collect Data as Provided by Users.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Library Automation System
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2021-45476 MEDIUM This Month

Yordam Library Information Document Automation product before version 19.02 has an unauthenticated reflected XSS vulnerability. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Library Automation System
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2021-45475 MEDIUM This Month

Yordam Library Information Document Automation product before version 19.02 has an unauthenticated Information disclosure vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Library Automation System
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2022-2266 MEDIUM This Month

University Library Automation System developed by Yordam Bilgi Teknolojileri before version 19.2 has an unauthenticated Reflected XSS vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Library Automation System
NVD
CVSS 3.1
6.1
EPSS
0.3%
EPSS 0% CVSS 8.8
HIGH This Week

Authentication bypass in Yordam Library Automation System versions 21.6 through 22.0 enables remote attackers to impersonate legitimate users and gain unauthorized administrative access by manipulating user identifiers in requests. Attackers who successfully exploit this vulnerability can achieve full system compromise including reading sensitive library records, modifying catalog data, and disrupting availability. The vulnerability requires user interaction (likely social engineering or malicious link), but no authentication, making it accessible to external threat actors. TR-CERT has published an advisory confirming the issue affects Turkish government and educational institutions using this library management platform.

Authentication Bypass Library Automation System
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Improper Neutralization of Input During Web Page Generation vulnerability in Yordam Information Technologies Library Automation System allows Stored XSS.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Library Automation System
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Improper Handling of Parameters vulnerability in Bordam Information Technologies Library Automation System allows Collect Data as Provided by Users.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Library Automation System
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Improper Handling of Parameters vulnerability in Bordam Information Technologies Library Automation System allows Collect Data as Provided by Users.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Library Automation System
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM This Month

Yordam Library Information Document Automation product before version 19.02 has an unauthenticated reflected XSS vulnerability. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Library Automation System
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Yordam Library Information Document Automation product before version 19.02 has an unauthenticated Information disclosure vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Library Automation System
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

University Library Automation System developed by Yordam Bilgi Teknolojileri before version 19.2 has an unauthenticated Reflected XSS vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Library Automation System
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy