CVE-2019-7417

Ericsson Active Library Explorer (ALEX) 14.3 is affected by a cross-site scripting (XSS) vulnerability in the /cgi-bin/alexserv servlet. The issue arises from insufficient input validation in multiple parameters (DB, FN, fn, id), allowing injected script to run in a user’s browser. Public exploit...