Vulnerabilities > CVE-2007-3569 - Cross-Site Scripting vulnerability in Oliver

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
softlink-europe
exploit available

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Oliver Library Management System allow remote attackers to inject arbitrary web script or HTML via the (1) updateform and (2) displayform parameter to (a) gateway/gateway.exe; the (3) TERMS, (4) database, (5) srchad, (6) SuggestedSearch, and (7) searchform parameters to the (b) "Basic Search page"; and (8) username parameter when (c) logging on.

Vulnerable Configurations

Part Description Count
Application
Softlink_Europe
1

Exploit-Db

descriptionOliver Multiple Cross-Site Scripting Vulnerabilities. CVE-2007-3569. Webapps exploit for cgi platform
idEDB-ID:30263
last seen2016-02-03
modified2007-07-03
published2007-07-03
reporterA. R.
sourcehttps://www.exploit-db.com/download/30263/
titleOliver Multiple Cross-Site Scripting Vulnerabilities