RSS   Vulnerabilities for 'Aleph 500'   RSS

2020-01-30
 
CVE-2014-3719

CWE-89
 

 
Multiple SQL injection vulnerabilities in cgi-bin/review_m.cgi in Ex Libris ALEPH 500 (Integrated library management system) 18.1 and 20 allow remote attackers to execute arbitrary SQL commands via the (1) find, (2) lib, or (3) sid parameter.

 
 
CVE-2014-3718

CWE-79
 

 
Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/tag_m.cgi in Ex Libris ALEPH 500 (Integrated library management system) 18.1 and 20 allow remote attackers to inject arbitrary web script or HTML via the (1) find, (2) lib, or (3) sid parameter.

 


Copyright 2020, cxsecurity.com

 

Back to Top