    CVE-2014-3718: Cross Site Scripting in Aleph

    • Article Type: Q&A
    • Product: Aleph
    • Product Version: 18

    Question

    We found the following security report CVE-2014-3718 regarding Aleph:
    http://packetstormsecurity.com/files/126654/Aleph-500-Cross-Site-Scripting.html published on May 16, 2014.

    Could you provide any information that you have related to this? Is this something that we should be concerned about?

    Answer

    Following our investigation, in which we reproduced the vulnerabilities with an internal security vulnerability assessment tool, these vulnerabilities are fully fixed in Aleph version 22 (the latest version). Our recommendation is to implement version 22.

    Aleph OPAC (without using PDS) is not vulnerable if the following is set in $alephe_tab/tab100:
    XSS-VALIDATION=Y
    (V18 - rep_change #1503; V19 - rep_change #174; V20 - rep_ver #15191)

    Customers using PDS may still be vulnerable if they are using Aleph versions lower than Aleph 22.
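    An added audit helper (not Ex Libris code) that checks a tab100 file for the XSS-VALIDATION=Y setting described above, and reports when the key is missing, commented out, or set to another value. It assumes tab100 holds one KEY=VALUE per line, that lines starting with "!" are comments, and that a later duplicate key overrides an earlier one; the sample files are constructed.

```python
"""Audit an Aleph tab100 file for the XSS-VALIDATION setting (added example).

Assumed tab100 syntax: one KEY=VALUE per line, lines beginning with '!'
are comments, surrounding whitespace is ignored, last duplicate wins.
"""
import re

SETTING = "XSS-VALIDATION"
_LINE = re.compile(r"^\s*([A-Z0-9_-]+)\s*=\s*(\S*)\s*$")


def parse_tab100(text):
    """Return a dict KEY -> VALUE built from active (non-comment) lines."""
    settings = {}
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue  # blank or comment line: not an active setting
        m = _LINE.match(raw)
        if m:
            settings[m.group(1)] = m.group(2).upper()
    return settings


def xss_validation_enabled(text):
    """True only if XSS-VALIDATION is present, active and set to Y."""
    return parse_tab100(text).get(SETTING) == "Y"


def audit(text):
    """One-line finding for the OPAC (non-PDS) case in the answer above."""
    value = parse_tab100(text).get(SETTING)
    if value == "Y":
        return "OK: XSS-VALIDATION=Y is active"
    if value is None:
        return "FINDING: XSS-VALIDATION is missing or commented out; set XSS-VALIDATION=Y"
    return f"FINDING: XSS-VALIDATION={value}; set XSS-VALIDATION=Y"


# Constructed sample files (not taken from a real installation)
HARDENED = "! tab100 - constructed sample\nXSS-VALIDATION=Y\n"
WEAK_COMMENTED = "! XSS-VALIDATION=Y\nXSS-VALIDATION=N\n"

if __name__ == "__main__":
    print(audit(HARDENED))
    print(audit(WEAK_COMMENTED))
```

Run it against a copy of the live $alephe_tab/tab100 to confirm the setting is active rather than merely present in a comment.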


    • Article last edited: 8/13/2014