Description
Cross-site Scripting (XSS) vulnerability in the search functionality of AlCoda NetBiblio WebOPAC allows an unauthenticated user to craft a reflected Cross-Site Scripting attack. This issue affects: AlCoda NetBiblio WebOPAC versions prior to 4.0.0.320; versions later than 4.0.0.328. This issue does not affect: AlCoda NetBiblio WebOPAC version 4.0.0.335 and later versions.
CVSS breakdown
CVSS 3.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Confidentiality: Low
- Integrity: Low
- Availability: None
Affected products
- AlCoda / NetBiblio WebOPAC: unspecified – 4.0.0.320
- AlCoda / NetBiblio WebOPAC: next of 4.0.0.328 – unspecified
- AlCoda / NetBiblio WebOPAC: 4.0.0.335 – unspecified
Exploits & PoCs
- nuclei: NetBiblio WebOPAC - Cross-Site Scripting, by compr00t
References
- VENDOR_ADVISORY: https://www.redguard.ch/advisories/netbiblio_webopac.txt