Vulnerability Description
Multiple Cross-Site Scripting (XSS) were discovered in admin/modules components in SLiMS 7 Cendana through 2017-03-23: the keywords parameter to bibliography/checkout_item.php, bibliography/dl_print.php, bibliography/item.php, bibliography/item_barcode_generator.php, bibliography/printed_card.php, circulation/loan_rules.php, master_file/author.php, master_file/coll_type.php, and master_file/doc_language.php and the quickReturnID field to circulation/ajax_action.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Slims | Slims7 Cendana | <= 2017-03-23 |
Related Weaknesses (CWE)
References
- http://www.daimacn.com/post/10.htmlThird Party Advisory
- http://www.securityfocus.com/bid/97062Third Party AdvisoryVDB Entry
- http://www.daimacn.com/post/10.htmlThird Party Advisory
- http://www.securityfocus.com/bid/97062Third Party AdvisoryVDB Entry
FAQ
What is CVE-2017-7242?
CVE-2017-7242 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Multiple Cross-Site Scripting (XSS) were discovered in admin/modules components in SLiMS 7 Cendana through 2017-03-23: the keywords parameter to bibliography/checkout_item.php, bibliography/dl_print.p...
How severe is CVE-2017-7242?
CVE-2017-7242 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-7242?
Check the references section above for vendor advisories and patch information. Affected products include: Slims Slims7 Cendana.