Patrick Schmid

**Name of the Vulnerable Software and Affected Versions** AlCoda NetBiblio WebOPAC versions prior to 4.0.0.320 AlCoda NetBiblio WebOPAC versions later than 4.0.0.328 **Description** A Cross-site Scripting (XSS) issue exists in the search functionality of AlCoda NetBiblio WebOPAC, allowing an unauthenticated user to craft a reflected Cross-Site Scripting attack. **Recommendations** For AlCoda NetBiblio WebOPAC versions prior to 4.0.0.320, update to version 4.0.0.335 or later. For AlCoda NetBiblio WebOPAC versions later than 4.0.0.328, update to version 4.0.0.335 or later. As a temporary workaround, consider restricting access to the search functionality until a patch is available.