CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5025 – KOHA MARC search.pl cross site scripting
https://notcve.org/view.php?id=CVE-2023-5025
17 Sep 2023 — A vulnerability was found in KOHA up to 23.05.03. It has been declared as problematic. This vulnerability affects unknown code of the file /cgi-bin/koha/catalogue/search.pl of the component MARC. The manipulation leads to cross site scripting. The attack can be initiated remotely. • https://vuldb.com/?ctiid.239866 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 1CVE-2014-1925
https://notcve.org/view.php?id=CVE-2014-1925
24 Jan 2020 — SQL injection vulnerability in the MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be leveraged by remote attackers using CVE-2014-1924. Una vulnerabilidad de inyección SQL en la función MARC framework import/export (archivo admin/import_export_framework.pl) en Koha versiones anterior... • http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11666 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 1CVE-2014-1924
https://notcve.org/view.php?id=CVE-2014-1924
24 Jan 2020 — The MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 does not require authentication, which allows remote attackers to conduct SQL injection attacks via unspecified vectors. La función MARC framework import/export (archivo admin/import_export_framework.pl) en Koha versiones anteriores a 3.8.23, versiones 3.10.x anteriores a 3.10.13, versiones 3.12.x anteriores a 3.12.10 y versiones 3.14.x an... • http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11666 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2014-1922
https://notcve.org/view.php?id=CVE-2014-1922
24 Jan 2020 — Absolute path traversal vulnerability in tools/pdfViewer.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote attackers to read arbitrary files via unspecified vectors. Una vulnerabilidad de salto de ruta en el archivo tools/pdfViewer.pl en Koha versiones anteriores a 3.8.23, versiones 3.10.x anteriores a 3.10.13, versiones 3.12.x anteriores a 3.12.10 y versiones 3.14.x anteriores a 3.14.3, permite a atacantes remotos leer archivos arbitrarios por me... • http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11660 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2014-1923
https://notcve.org/view.php?id=CVE-2014-1923
24 Jan 2020 — Multiple directory traversal vulnerabilities in the (1) staff interface help editor (edithelp.pl) or (2) member-picupload.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allow remote attackers to write to arbitrary files via unspecified vectors. Múltiples vulnerabilidades de Salto de Directorio en el (1) editor de ayuda de la interfaz del personal (archivo edithelp.pl) o (2) el archivo member-picupload.pl en Koha versiones anteriores a 3.8.23, versiones 3.10.... • http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11661 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 1CVE-2014-9446
https://notcve.org/view.php?id=CVE-2014-9446
02 Jan 2015 — Multiple cross-site scripting (XSS) vulnerabilities in the Staff client in Koha before 3.16.6 and 3.18.x before 3.18.2 allow remote attackers to inject arbitrary web script or HTML via the sort_by parameter to the (1) opac parameter in opac-search.pl or (2) intranet parameter in catalogue/search.pl. Múltiples vulnerabilidades de XSS en el client Staff en Koha anterior a 3.16.6 y 3.18.x anterior a 3.18.2 permiten a atacantes remotos inyecdtar secuencias de comandos web o HTML arbitrarios a través del parámet... • http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13425 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •