Vulnerabilities (CVE)

Filtered by vendor Slims Subscribe
Filtered by product Slims7 Cendana
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-7242 1 Slims 1 Slims7 Cendana 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Multiple Cross-Site Scripting (XSS) were discovered in admin/modules components in SLiMS 7 Cendana through 2017-03-23: the keywords parameter to bibliography/checkout_item.php, bibliography/dl_print.php, bibliography/item.php, bibliography/item_barcode_generator.php, bibliography/printed_card.php, circulation/loan_rules.php, master_file/author.php, master_file/coll_type.php, and master_file/doc_language.php and the quickReturnID field to circulation/ajax_action.php.
CVE-2017-7202 1 Slims 1 Slims7 Cendana 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Multiple Cross-Site Scripting (XSS) were discovered in SLiMS 7 Cendana before 2017-03-16. The vulnerabilities exist due to insufficient filtration of user-supplied data (id) passed to the 'slims7_cendana-master/template/default/detail_template.php' and 'slims7_cendana-master/template/default-rtl/detail_template.php' URLs. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.