OSI Security: Civica Spydus Library Management System (LMS) -
Civica Spydus Library Management System (LMS) - Cross-site Scripting
Vulnerability
http://www.osisecurity.com.au/advisories/civica-spydus-library-management-s=
ystem-cross-site-scripting
Release Date:
04-May-2011
Software:
Civica - Spydus
http://www.civicaplc.com/
"Libraries and information service providers continue to deal with
far-reaching changes while addressing growing demands for improved
service standards and greater efficiency. Drawing on Civica=92s
extensive experience of delivering library management solutions around
the world, Spydus helps libraries to deliver modern responsive
services, easier access and improved efficiency."
Versions tested:
Unknown / unconfirmed.
Vulnerability discovered:
Cross-site Scripting
Vulnerability impact:
Low - Remote content may contain JavaScript which is client executed.
May be used to steal authentication information etc.
Vulnerability information:
The remote page may contain JavaScript for XSS purposes, e.g. cookies.
Example: