Kacper Rybczyński

**Name of the Vulnerable Software and Affected Versions** DInGO dLibra software versions 6.0 through 6.3.19 **Description** The issue is related to improper neutralization of input during web page generation, allowing a Reflected Cross-Site Scripting (XSS) attack. This occurs in the `filter` parameter of the "indexsearch" endpoint. An attacker could trick a user into using a crafted URL, causing a script to run in the user's browser. **Recommendations** For versions 6.0 through 6.3.19, update to version 6.3.20 or later to resolve the issue. As a temporary workaround, consider restricting access to the "indexsearch" endpoint or avoiding the use of the `filter` parameter until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: SOWA OPAC versions 4.0 through 4.9.10 SOWA OPAC versions 5.0 through 6.2.12 Description: The issue allows for Reflected Cross-Site Scripting (XSS) due to improper neutralization of input during web page generation. An attacker could trick a user into using a crafted URL, causing a script to run in the user's browser. Recommendations: For SOWA OPAC versions 4.0 through 4.9.10, update to version 4.9.10 or later. For SOWA OPAC versions 5.0 through 6.2.12, update to version 6.2.12 or later.

Name of the Vulnerable Software and Affected Versions: 2ClickPortal versions 7.2.31 through 7.6.4 Description: The issue is related to improper neutralization of input during web page generation, allowing reflected cross-site scripting (XSS). An attacker could trick a user into using a crafted URL, causing a script to run in the user's browser. Recommendations: For versions 7.2.31 through 7.6.4, update to a version that fixes the improper neutralization of input during web page generation to prevent reflected cross-site scripting (XSS) attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.