PT-2017-17603 · Slims · Slims 7 Cendana

Published

2017-03-23

Updated

2017-03-28

CVE-2017-7242

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions SLiMS 7 Cendana versions prior to 2017-03-23

Description Multiple Cross-Site Scripting (XSS) issues were found in the admin/modules components. The keywords parameter in several PHP files is vulnerable, including "bibliography/checkout item.php", "bibliography/dl print.php", "bibliography/item.php", "bibliography/item barcode generator.php", "bibliography/printed card.php", "circulation/loan rules.php", "master file/author.php", "master file/coll type.php", and "master file/doc language.php". Additionally, the quickReturnID field in "circulation/ajax action.php" is affected.

Recommendations For SLiMS 7 Cendana versions prior to 2017-03-23, consider disabling the keywords parameter in the affected PHP files and restricting access to the quickReturnID field in "circulation/ajax action.php" until a patch is available.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2017-7242

Affected Products

Slims 7 Cendana

PT-2017-17603 · Slims · Slims 7 Cendana

CVE-2017-7242

Weakness Enumeration

Related Identifiers

Affected Products

References · 4