A vulnerability was found in Exlibris Group MetaLib 3.13/4. It has been classified as problematic. This affects some unknown processing. The manipulation with an unknown input leads to a cross site scripting vulnerability. CWE is classifying the issue as CWE-80. This is going to have an impact on integrity. An attacker might be able to inject arbitrary html and script code into the web site. This would alter the appearance and would make it possible to initiate further attacks against site visitors. The summary by CVE is:

Cross-site scripting (XSS) vulnerability in Ex Libris MetaLib 3.13 and 4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a resource id that can be discovered through a search.

The weakness was shared 07/20/2007 as not defined posting (Bugtraq). The advisory is shared at securityfocus.com. This vulnerability is uniquely identified as CVE-2007-3835 since 07/17/2007. The exploitability is told to be difficult. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. It demands that the victim is doing some kind of user interaction. Neither technical details nor an exploit are publicly available. MITRE ATT&CK project uses the attack technique T1059.007 for this issue.

It is declared as highly functional.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The vulnerability is also documented in the databases at SecurityFocus (BID 24978), X-Force (35431) and Secunia (SA26162). The entry 37868 is related to this item.

Productinfoedit

Vendor

• Exlibris Group

Name

• MetaLib

CPE 2.3infoedit

• 🔍
• 🔍

CPE 2.2infoedit

• 🔍
• 🔍

CVSSv3infoedit

CVSSv2infoedit

Exploitinginfoedit

Threat Intelligenceinfoedit

Countermeasuresinfoedit

Timelineinfoedit

Sourcesinfoedit

Entryinfoedit

Comments