A. R

**Name of the Vulnerable Software and Affected Versions** Oliver Library Management System (affected versions not specified) **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via several parameters, including `updateform` and `displayform` to the "gateway/gateway.exe" endpoint, and `TERMS`, `database`, `srchad`, `SuggestedSearch`, and `searchform` parameters to the "Basic Search page". Additionally, the `username` parameter is vulnerable when logging on. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.