0Xdc9

**Name of the Vulnerable Software and Affected Versions** Senayan Library Management System version 9.4.2 **Description** The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability was found in the component `pop chart.php`. **Recommendations** For Senayan Library Management System version 9.4.2, consider disabling access to the `pop chart.php` component until a fix is available to prevent potential exploitation of the XSS vulnerability.

**Name of the Vulnerable Software and Affected Versions** Senayan Library Management System version 9.4.2 **Description** The issue is related to a SQL injection vulnerability. It can be exploited via the `collType` parameter at the "loan by class.php" endpoint. **Recommendations** For Senayan Library Management System version 9.4.2, consider restricting access to the `loan by class.php` endpoint until a patch is available. As a temporary workaround, avoid using the `collType` parameter in the affected endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SLiMS Senayan Library Management System version 9.4.2 **Description** The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search function. This enables the execution of malicious code on the client-side, potentially leading to unauthorized actions or data exposure. **Recommendations** For SLiMS Senayan Library Management System version 9.4.2, consider disabling the Search function until a patch is available to prevent exploitation of the cross-site scripting vulnerability. Restrict access to the Search bar to minimize the risk of malicious payload injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SLiMS Senayan Library Management System version 9.4.2 **Description** The issue concerns multiple Server-Side Request Forgeries in the SLiMS Senayan Library Management System. The components `/bibliography/marcsru.php` and `/bibliography/z3950sru.php` are affected. **Recommendations** For version 9.4.2, consider disabling access to the `/bibliography/marcsru.php` and `/bibliography/z3950sru.php` components until a patch is available. Restricting the use of these components can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.