Hillstone Networks

RULE（RULE ID：337230）

Rule General Information


Release Date:		2022-12-12

Rule Name:		NetBiblio WebOPAC Cross Site Scripting Vulnerability (CVE-2021-42551)

Severity:

CVE ID:

Rule Protection Details


Description:		Cross-site Scripting (XSS) vulnerability in the search functionality of AlCoda NetBiblio WebOPAC allows an unauthenticated user to craft a reflected Cross-Site Scripting attack. This issue affects: AlCoda NetBiblio WebOPAC versions prior to 4.0.0.320; versions later than 4.0.0.328. This issue does not affect: AlCoda NetBiblio WebOPAC version 4.0.0.335 and later versions.

Impact:		An attacker can conduct a cross-site scripting attack to inject malicious client-side scripts into web pages viewed by other users, or to bypass access controls such as the same-origin policy, if affected version is installed.

Affected OS:		Windows, Linux, Others

Reference:		https://www.redguard.ch/advisories/netbiblio_webopac.txt

Solutions

Please contact the software vendor to update the software patch.