

CVE-2021-43960: Connect2 online booking system | Academic resources

** DISPUTED ** Lorensbergs Connect2 3.13.7647.20190 is affected by an XSS vulnerability. Exploitation requires administrator privileges and is performed through the Wizard editor of the application. The attack requires an administrator to go into the Wizard editor and enter an XSS payload within the Page title, Page Instructions, Text before, Text after, or Text on side box. Once this has been done, the administrator must click save and finally wait until any user of the application performs a booking for rental items in the booking area of the application, where the XSS triggers. NOTE: another perspective is that the administrator may require JavaScript to customize any aspect of the page rendering. There is no effective way for the product to defend users in the face of a malicious administrator.
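An added example, not code from Connect2 or from the CVE record: because the product may allow administrators to store markup in these fields by design, one operator-side control is to audit what the five wizard fields currently contain. The dict layout, the function and class names, and the sample values are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

# Field labels as listed in the CVE description; the storage layout is assumed.
WIZARD_FIELDS = ("Page title", "Page Instructions", "Text before",
                 "Text after", "Text on side")
ACTIVE_TAGS = {"script", "iframe", "object", "embed"}
URL_ATTRS = {"href", "src", "action", "formaction", "xlink:href"}


class ActiveContentFinder(HTMLParser):
    """Collects markup that would run script when the field is rendered."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.findings.append(f"<{tag}> element")
        for name, value in attrs:
            # Browsers ignore whitespace and case in the URL scheme.
            compact = "".join(c for c in (value or "") if c > " ").lower()
            if name.startswith("on"):
                self.findings.append(f"{name} handler on <{tag}>")
            elif name in URL_ATTRS and compact.startswith("javascript:"):
                self.findings.append(f"javascript: URL in {name} on <{tag}>")


def audit_wizard_page(page):
    """Return {field: [findings]} for wizard fields holding active content."""
    report = {}
    for field in WIZARD_FIELDS:
        finder = ActiveContentFinder()
        finder.feed(page.get(field, ""))
        finder.close()
        if finder.findings:
            report[field] = finder.findings
    return report


# Constructed sample of stored wizard settings (not taken from the product).
SAMPLE_PAGE = {
    "Page title": "Book your equipment",
    "Page Instructions": "<p>Choose dates, then <b>confirm</b>.</p>",
    "Text before": '<img src="logo.png" onerror="track()">',
    "Text after": '<a href="JavaScript:void(0)">Help</a>',
    "Text on side": "<script src='/custom/banner.js'></script>",
}

if __name__ == "__main__":
    for field, findings in audit_wizard_page(SAMPLE_PAGE).items():
        print(f"{field}: {'; '.join(findings)}")
```

Fields flagged this way are candidates for review against the administrator change log, not proof of abuse, since the dispute note says script-bearing customization may be intended.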


For easier access and clear presentation of all student resources and services, institutions rely on the leading online booking software, connect2. Highly flexible and customisable, it showcases your resources to best effect, streamlines their administration, and supports both students and staff with its intuitive interface and stress-free booking process.


Feature highlights


Single booking system

The extensive functionality in connect2 makes it suitable for all of the following:

  • Resource bookings – with the ability to manage large portfolios of equipment for online reservation
  • Rapid checkout/in workflows – highly developed for busy media and equipment stores to save time and ensure accuracy
  • Simple inventory management – for information on status, location, usage and condition of all items at any time
  • Room bookings – for managing fair access and maximising usage of all spaces


Online booking interface

The clean, easy-to-use interface enables students to browse and view the resources or services they are authorised to book. The booking process is quick and intuitive, encouraging advance bookings and enabling students to be better organised. Inclusion of further resource information, and dynamic search fields by resource type, helps students to choose the best items to meet their needs.

Bookings are manageable online 24/7, so students can alter times or items booked, renew or cancel bookings as needed.


Resource tracking and management

Connect2 provides a clear and accurate overview of resource availability and location at all times, for efficient resource management. Service and repair history and other data can be added to each resource, keeping all equipment information in one central, backed-up system.

It offers clear overviews of bookings giving staff the ability to plan resourcing, prepare kit for checkout or manage late returns. New inventory is easily uploaded using connect2 import tools.

Further information on connect2 for resource booking, tracking and management is available here.


Communication and messaging

Automatic messaging in connect2 keeps students informed about their bookings. It also encourages good attendance and responsible borrowing, with staff spending less time pursuing late returns or following up on no-shows.

Clear booking rules for each resource, with terms and conditions of use, help students know what’s expected of them and manage their schedules better. A personal homepage for each student helps to keep them informed and organised.


Booking rules and permissions

Connect2 makes it possible to apply different booking rules and calendars for different types of users, resources or sites. Usage can be optimised to make the most of limited services and resources, with booking rules easily flexed as needed. Rules are clearly displayed at the point of booking for better user communication. If a submitted booking breaks a rule, the system suggests alternative timeslots to the user to help them complete their booking.

Booking permissions can be applied by course or year of study, with all students and staff authenticated via connection to Active Directory or another central database. In this way, the service you offer can be tailored for your students. Single Sign-on (SSO) is available, supported via Shibboleth.


ROI analysis

Institutions use the reporting available in connect2 to make better purchase and resourcing decisions. The data allows them to demonstrate utilisation of popular items or lack of demand for other resources, so they make wiser investment decisions and are more successful in requests for funding. Valuable reports can be created in seconds through the centralised system. Efficient staffing schedules can also be determined using future bookings data.

Case Studies

Case Study: connect2 at SUNY Fredonia

The State University of New York (SUNY) at Fredonia is a four-year liberal arts college. It is a constituent college of the State University of New York, best known for its bachelor’s degree programs in music and education.
