Show filters
3 Total Results
Displaying 1-3 of 3
Sort by:
Attacker Value
Unknown

CVE-2022-24177

Disclosure Date: March 10, 2022 (last updated October 07, 2023)
A cross-site scripting (XSS) vulnerability in the component cgi-bin/ej.cgi of Ex libris ALEPH 500 v18.1 and v20 allows attackers to execute arbitrary web scripts or HTML.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2014-3719

Disclosure Date: January 30, 2020 (last updated February 21, 2025)
Multiple SQL injection vulnerabilities in cgi-bin/review_m.cgi in Ex Libris ALEPH 500 (Integrated library management system) 18.1 and 20 allow remote attackers to execute arbitrary SQL commands via the (1) find, (2) lib, or (3) sid parameter.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2014-3718

Disclosure Date: January 30, 2020 (last updated February 21, 2025)
Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/tag_m.cgi in Ex Libris ALEPH 500 (Integrated library management system) 18.1 and 20 allow remote attackers to inject arbitrary web script or HTML via the (1) find, (2) lib, or (3) sid parameter.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0