CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5025 – KOHA MARC search.pl cross site scripting
https://notcve.org/view.php?id=CVE-2023-5025
17 Sep 2023 — A vulnerability was found in KOHA up to 23.05.03. It has been declared as problematic. This vulnerability affects unknown code of the file /cgi-bin/koha/catalogue/search.pl of the component MARC. The manipulation leads to cross site scripting. The attack can be initiated remotely. • https://vuldb.com/?ctiid.239866 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 36EXPL: 0CVE-2015-4639
https://notcve.org/view.php?id=CVE-2015-4639
21 Jul 2017 — Cross-site scripting (XSS) vulnerability in opac-addbybiblionumber.pl in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, and 3.20.x before 3.20.1 allows remote attackers to inject arbitrary web script or HTML via a crafted list name. Hay una vulnerabilidad de tipo Cross-Site Scripting (XSS) en la biblioteca opac-addbybiblionumber.pl en Koha versión 3.14.x anterior a 3.14.16, versión 3.16.x anterior a 3.16.12 y versión 3.20.x anterior a 3.20.1, permite a los atacantes remotos inyectar script web o HTML ar... • http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416#c4 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 3CVE-2015-4632 – Koha 3.20.1 - Directory Traversal
https://notcve.org/view.php?id=CVE-2015-4632
26 Jun 2015 — Multiple directory traversal vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the template_path parameter to (1) svc/virtualshelves/search or (2) svc/members/search. Múltiples vulnerabilidades Cross-Site Scripting (XSS) en Koha, en versiones 3.14.x anteriores a la 3.14.16, versiones 3.16.x anteriores a la 3.16.12, versiones 3.18.x anteriores a la 3.18.08 ... • https://packetstorm.news/files/id/132458 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 7CVE-2015-4633 – Koha 3.20.1 - Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2015-4633
26 Jun 2015 — Multiple SQL injection vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow (1) remote attackers to execute arbitrary SQL commands via the number parameter to opac-tags_subject.pl in the OPAC interface or (2) remote authenticated users to execute arbitrary SQL commands via the Filter or (3) Criteria parameter to reports/borrowers_out.pl in the Staff interface. Múltiples vulnerabilidades Cross-Site Scripting (XSS) en Koha, en versiones 3.... • https://packetstorm.news/files/id/132458 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 7CVE-2015-4631 – Koha 3.20.1 - Multiple Cross-Site Scripting / Cross-Site Request Forgery Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-4631
26 Jun 2015 — Multiple cross-site scripting (XSS) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to inject arbitrary web script or HTML via the (1) tag parameter to opac-search.pl; the (2) value parameter to authorities/authorities-home.pl; the (3) delay parameter to acqui/lateorders.pl; the (4) authtypecode or (5) tagfield to admin/auth_subfields_structure.pl; the (6) tagfield parameter to admin/marc_subfields_structure.pl; the... • https://packetstorm.news/files/id/132458 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.0EPSS: 0%CPEs: 4EXPL: 5CVE-2015-4630 – Koha 3.20.1 - Multiple Cross-Site Scripting / Cross-Site Request Forgery Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-4630
26 Jun 2015 — Multiple cross-site request forgery (CSRF) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to (1) hijack the authentication of administrators for requests that create a user via a request to members/memberentry.pl or (2) give a user superlibrarian permission via a request to members/member-flags.pl or (3) hijack the authentication of arbitrary users for requests that conduct cross-site scripting (XSS) attacks via th... • https://packetstorm.news/files/id/132458 • CWE-352: Cross-Site Request Forgery (CSRF) •