2 matches found
CVE-2014-7293
CVE-2014-7293 describes a cross-site scripting (XSS) vulnerability on the login page of NYU OpenSSO Integration 2.1 and earlier for Ex Libris Patron Directory Services (PDS). The issue allows remote attackers to inject arbitrary web script or HTML via the url parameter. According to the record, t...
CVE-2014-7294
CVE-2014-7294 is an open redirect vulnerability in the logon page of Ex Libris Patron Directory Services (PDS) OpenSSO Integration 2.1 and earlier . The root cause is improper redirect handling in the login flow, allowing remote attackers to craft a URL with a redirect target in the url parameter...