Ex Libris · Ex Libris Aleph 500 · CVE-2022-24177
**Name of the Vulnerable Software and Affected Versions**
Ex libris ALEPH 500 versions 18.1 through 20
**Description**
A cross-site scripting (XSS) issue exists in the component cgi-bin/ej.cgi, allowing attackers to execute arbitrary web scripts or HTML.
**Recommendations**
For versions 18.1 through 20, consider restricting access to the vulnerable cgi-bin/ej.cgi component until a patch is available. As a temporary workaround, disabling the execution of web scripts or HTML in this component may help minimize the risk of exploitation.