Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

olms-xss.txt

🗓️ 07 Jul 2007 00:00:00Reported by A. R.Type 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 36 Views

XSS vulnerabilities found in Oliver Library Management System for Schools, allowing attackers to execute malicious scripts through GET and POST parameters and username login field.

Code
`BACKGROUND  
==========  
"Oliver is the web-based Library Management System for Schools. Softlink  
has built on the understanding of thousands of school clients, over many  
years, and has designed a new system for school libraries and learning  
resource centres in the 21st century"  
-- from http://www.softlink.co.uk:  
  
  
DETAILS  
=======  
During a penetration test for an educational institution, several XSS  
vulnerabilities were found in their Oliver installations. Due to the  
test constraints it was not possible to ascertain the exact version of  
the product, but all instances that have been tested have been found  
trivially vulnerable  
  
Some of the vulnerable input fields include:  
  
1) GET parameters  
http://www.victim.com/oliver/gateway/gateway.exe?X_=000f&application=Oliver&displayform=main&updateform="><script>alert("XSS");</script>  
http://www.victim.com/oliver/gateway/gateway.exe?X_=000f&displayform=main"><script>alert("XSS");</script>  
  
2) POST parameters in search forms  
In the Basic Search page, the following parameters are vulnerable:  
- TERMS  
- database  
- srchad  
- SuggestedSearch  
- searchform  
  
As a Proof-Of-Concept exploit, the following string can be appended to  
any of the listed parameters:  
"><script>alert("xss");</script>  
  
3) Username login field:  
The application also fails to properly filter the username parameter, as  
can be seen when passing to the application the following string as  
username:  
  
--><script>alert("xss")</script>  
  
  
  
VENDOR RESPONSE  
===============  
15/06/2007 Vendor contacted. No response received  
25/06/2007 Vendor contacted for the second time. No response received  
03/07/2007 Advisory published  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
07 Jul 2007 00:00Current
7.4High risk
Vulners AI Score7.4
oliver library management systemxss vulnerabilitiesget parameterspost parametersusername login fieldeducational institutionpenetration testproof-of-concept exploitvendor response
36