PT-2022-11612 · Alcoda · Alcoda Netbiblio Webopac

Patrick Schmid

Published

2022-01-14

Updated

2022-01-21

CVE-2021-42551

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions AlCoda NetBiblio WebOPAC versions prior to 4.0.0.320 AlCoda NetBiblio WebOPAC versions later than 4.0.0.328

Description A Cross-site Scripting (XSS) issue exists in the search functionality of AlCoda NetBiblio WebOPAC, allowing an unauthenticated user to craft a reflected Cross-Site Scripting attack.

Recommendations For AlCoda NetBiblio WebOPAC versions prior to 4.0.0.320, update to version 4.0.0.335 or later. For AlCoda NetBiblio WebOPAC versions later than 4.0.0.328, update to version 4.0.0.335 or later. As a temporary workaround, consider restricting access to the search functionality until a patch is available.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2021-42551

Affected Products

Alcoda Netbiblio Webopac

PT-2022-11612 · Alcoda · Alcoda Netbiblio Webopac

CVE-2021-42551

Weakness Enumeration

Related Identifiers

Affected Products

References · 4