Greetings: I found a Cross Site Scripting on ALEPH500 (Integrated library management system); CVE-ID is CVE-2014-3719. Aleph 500, fully meets the industry standard, is an art class perfect library solution, the Ex Libris to pursue the essence of philosophy is flexible and easy to use. Ex Libris i
rated library management system)
Affected version: 18.1, 20
Fixed version: ALEPH 500
Author: Shady.Liu DBAppSecurity Co.Ltd.
URL: http://[domain]/cgi-bin/review_m.cgi?docnum=000421742&getreview=1&lib=BGD01'/**/AND/**/'000Andz'%3d'000Andz
Affected parameter(s): find, li
Greetings:

Oh very feel shy, injection parameter "lib, docnum"

[0] place: GET, parameter: docnum, type: Single quoted string (default)
[1] place: GET, parameter: lib, type: Single quoted string

Replace "lib, docnum" parameter value with "AND 6012=6012AND'SM'='SM'"

Could you update information. Thank you
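
A defender's check for the two parameters named in the follow-up, as an added example that is not part of the original posts: it scans web access logs for requests to review_m.cgi whose docnum or lib value is not plain alphanumeric. The expected value shapes, the function names and the log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed value shapes, inferred from the sample URL in the report
# (docnum=000421742, lib=BGD01); adjust to the local catalogue.
EXPECTED = {
    "docnum": re.compile(r"\d{1,12}"),
    "lib": re.compile(r"[A-Za-z0-9]{1,10}"),
}
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(log_line):
    """Return sorted names of docnum/lib parameters whose decoded value
    does not match the expected shape, for requests to review_m.cgi."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.endswith("/review_m.cgi"):
        return []
    # parse_qs percent-decodes, so %27 and a literal ' are treated alike
    params = parse_qs(url.query, keep_blank_values=True)
    bad = set()
    for name, pattern in EXPECTED.items():
        for value in params.get(name, []):
            if not pattern.fullmatch(value):
                bad.add(name)
    return sorted(bad)

# Constructed access-log lines (combined log format, documentation IPs)
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jun/2014:10:00:00 +0000] "GET /cgi-bin/review_m.cgi?docnum=000421742&getreview=1&lib=BGD01 HTTP/1.1" 200 512',
    "192.0.2.44 - - [01/Jun/2014:10:00:05 +0000] \"GET /cgi-bin/review_m.cgi?docnum=000421742&getreview=1&lib=BGD01'/**/AND/**/'000Andz'%3d'000Andz HTTP/1.1\" 200 512",
    '192.0.2.44 - - [01/Jun/2014:10:00:09 +0000] "GET /cgi-bin/review_m.cgi?docnum=000421742%27&getreview=1&lib=BGD01 HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jun/2014:10:00:12 +0000] "GET /cgi-bin/other.cgi?lib=x%27 HTTP/1.1" 200 100',
]

def scan(lines):
    """Return (line_index, flagged_params) for each suspicious request."""
    hits = []
    for i, line in enumerate(lines):
        flagged = suspicious_params(line)
        if flagged:
            hits.append((i, flagged))
    return hits

if __name__ == "__main__":
    for idx, names in scan(SAMPLE_LOG):
        print(idx, names)
```

The same allow-list patterns can be enforced in front of the CGI (reverse proxy or WAF rule) so that non-matching requests are rejected rather than only logged.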