HackDig : Dig high-quality web security articles for hacker

CVE-2014-7293 Ex Libris Patron Directory Services (PDS) XSS (Cross-Site Scripting) Security Vulnerability

2014-12-29 05:35
*CVE-2014-7293  Ex Libris Patron Directory Services (PDS) XSS (Cross-Site
Scripting) Security Vulnerability*

Exploit Title: Ex Libris Patron Directory Services (PDS) Logon Page url
Parameter XSS
Product: Ex Libris Patron Directory Services (PDS)
Vendor: Ex Libris
Vulnerable Versions: 2.1 and probability prior
Tested Version: 2.1
Advisory Publication: DEC 29, 2014
Latest Update: DEC 29, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-7293
Risk Level: Medium
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Credit: Wang Jing [CCRG, Nanyang Technological University (NTU), Singapore]

*Advisory Details:*

*(1) Vendor URL:*

*Product Description:*

“Ex Libris is a leading worldwide developer and provider of
high-performance applications for libraries, information centres, and

Patron Directory Services (PDS) module was provides a seamless single
sign-on (SSO) environment for all Ex Libris products. such as, Aleph,
Metalib, Primo, DigiTool, Rosetta …

It is one of the largest library management system which is used by large
numbers of universities and institutions.

*(2) Vulnerability Details:*

However, Patron Directory Services (PDS) can be exploited by XSS Attacks.

*(2.1) *The vulnerability occurs at “PDS” service’s logon page, with “&url”


Wang Jing
School of Physical and Mathematical Sciences (SPMS)
Nanyang Technological University (NTU), Singapore

Sent through the Full Disclosure mailing list
Web Archives & RSS: http://seclists.org/fulldisclosure/

Source: 521/ceD/4102/erusolcsidlluf/gro.stsilces

Read:5525 | Comments:0 | Tags: Xss Vulnerability

“CVE-2014-7293 Ex Libris Patron Directory Services (PDS) XSS (Cross-Site Scripting) Security Vulnerability”0 Comments

Submit A Comment



Blog :

Verification Code:


Share high-quality web security related articles with you:)


Tag Cloud