Senayan Library Management System Cross-Site Scripting (XSS) Scanner
Detects a reflected Cross-Site Scripting (XSS) vulnerability in Senayan Library Management System (SLiMS) v8.3.1 (Akasia). The scanner identifies unsafe reflection of user input from the destination parameter, which allows client-side attacks against anyone who opens a crafted link.
Short Info
Level: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 2 weeks 1 hour
Scan only one: URL
Toolbox: -
The Senayan Library Management System (SLiMS) is a widely used open-source library management software adopted by academic institutions, public libraries, and educational organizations worldwide. It facilitates cataloging, circulation, membership management, and digital resource indexing. The Akasia version (v8.3.1) is part of SLiMS' continuous evolution to support various library workflows. This web-based application is typically deployed on local or cloud-based servers and accessed through a browser. It offers customizable modules and multi-language support, making it versatile for diverse library operations. Given its public-facing nature, maintaining robust security is essential to protect data and users from potential threats.
This scanner targets a reflected Cross-Site Scripting (XSS) vulnerability in SLiMS 8.3.1 Akasia. The issue arises because user-supplied input in the `destination` parameter is written back into the page without sanitization when the `p` parameter equals 'member'. An attacker who can get a user to open a crafted URL therefore gets JavaScript executed in that user's browser, in the context of the victim's session with the library application. Because the flaw is reflected rather than stored, every attack needs a victim to follow a link, but that is routinely achieved by phishing or by a link planted on another site.
The vulnerable endpoint is `index.php` (and several of its path variants), where the `destination` parameter is reflected without sanitization. If the `p` parameter is set to 'member', the application responds with the unsanitized `destination` content. The scanner sends crafted GET requests whose `destination` value contains a JavaScript `alert()` invocation. A match is confirmed when the server reflects the payload verbatim in the response body and the response content type is `text/html`, which together indicate an active vulnerability (the same string reflected in a JSON or plain-text response would not execute as script). The request is repeated across commonly used SLiMS installation paths to maximize detection. A verbatim match is a strong signal, since a sanitized page would return the payload with its quotes and angle brackets entity-encoded, but a practitioner should still confirm the finding in a browser, because response-side controls such as a Content Security Policy can block execution even when the markup is reflected.
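The following Python is an added example, not the scanner's own code and not SLiMS source. It shows the detection logic described above (send p=member plus a marker payload in destination, flag a verbatim reflection in a text/html body) and, so it runs offline, a constructed stand-in for `index.php` in two variants: one that reflects `destination` unsanitized, mirroring the flaw the text describes, and one that attribute-escapes it, which is the fix. The payload string, the list of path variants, the hostname, the hidden-input markup and the extra status-200 guard are all assumptions made here.

```python
import html
from urllib.parse import urlparse, parse_qs, urlencode

# Marker payload: a harmless alert() call, as the page describes. The exact string
# the real scanner sends is not given on the page; this one is an assumption.
PAYLOAD = '"><script>alert(1)</script>'

# Installation prefixes to probe. This list is an assumption, not the scanner's own.
PATH_VARIANTS = ["/index.php", "/slims/index.php", "/library/index.php"]


def build_probe_url(base_url, path, p="member"):
    """Build the crafted GET: p=member with the marker payload in destination."""
    query = urlencode({"p": p, "destination": PAYLOAD})
    return base_url.rstrip("/") + path + "?" + query


def is_reflected(status, headers, body, payload=PAYLOAD):
    """Match rule from the page: the payload appears verbatim in a text/html body.
    The status == 200 guard is an addition here, not stated on the page."""
    content_type = headers.get("Content-Type", "").lower()
    return status == 200 and content_type.startswith("text/html") and payload in body


def scan(fetch, base_url, paths=PATH_VARIANTS):
    """Probe every path variant. fetch(url) must return (status, headers, body).
    Returns the list of probe URLs whose response reflected the payload."""
    hits = []
    for path in paths:
        url = build_probe_url(base_url, path)
        status, headers, body = fetch(url)
        if is_reflected(status, headers, body):
            hits.append(url)
    return hits


# --- Constructed stand-in for the target so the example runs offline -----------

def make_server(sanitize):
    """Return a fake index.php handler. With sanitize=False it mirrors the flaw the
    page describes: when p=member, destination is written into a hidden input as-is.
    With sanitize=True the value is attribute-escaped before output, which is the fix."""
    def handle(url):
        parsed = urlparse(url)
        query = parse_qs(parsed.query)
        if parsed.path != "/index.php":
            return 404, {"Content-Type": "text/html"}, "<p>Not Found</p>"
        if query.get("p", [""])[0] != "member":
            return 200, {"Content-Type": "text/html"}, "<p>OPAC home</p>"
        dest = query.get("destination", [""])[0]
        if sanitize:
            dest = html.escape(dest, quote=True)
        body = ('<form method="post"><input type="hidden" name="destination" '
                f'value="{dest}"></form>')
        return 200, {"Content-Type": "text/html; charset=UTF-8"}, body
    return handle


vulnerable_server = make_server(sanitize=False)
fixed_server = make_server(sanitize=True)


if __name__ == "__main__":
    base = "http://library.example.test"  # constructed hostname
    print("vulnerable:", scan(vulnerable_server, base))
    print("fixed:     ", scan(fixed_server, base))
```

To point this at a real target, replace `vulnerable_server` with a `fetch` that performs the HTTP GET and returns the status, headers and body; the detection rule in `is_reflected` stays the same. Against the escaped variant the payload comes back as `&quot;&gt;&lt;script&gt;...`, so the verbatim match fails, which is exactly why a literal-string match distinguishes the vulnerable build from a fixed one.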
If exploited, this vulnerability can allow attackers to steal session cookies, redirect users to malicious sites, or mount phishing attacks from within the trusted library domain. In a library system, that may lead to unauthorized access to personal member data, manipulation of catalog information, or session hijacking. It can also damage user trust and expose the institution to reputational harm. Because the flaw is reflected, the attacker must lure each victim individually, but a link sent to a logged-in librarian or administrator lets the injected script perform privileged actions in that user's session and could serve as the first step in a chain with other vulnerabilities.