PT-2022-16524 · Ex Libris · Ex Libris Aleph 500
Zhao1231 · Published 2022-03-07 · Updated 2022-03-16 · CVE-2022-24177
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Ex Libris ALEPH 500 versions 18.1 through 20
Description
A cross-site scripting (XSS) issue exists in the component cgi-bin/ej.cgi, allowing attackers to execute arbitrary web scripts or HTML.
Recommendations
For versions 18.1 through 20, consider restricting access to the vulnerable cgi-bin/ej.cgi component until a patch is available. As a temporary workaround, disabling the execution of web scripts or HTML in this component may help minimize the risk of exploitation.
Exploit
Fix
XSS
Affected Products
Ex Libris Aleph 500