Cross-Site Scripting Vulnerabilities in Koha Library Software
CVE-2014-9446

Currently unrated

Key Information:

Vendor

Koha

Status
Koha
Vendor
CVE Published:
2 January 2015

What is CVE-2014-9446?

Koha library software versions before 3.16.6 and 3.18.x before 3.18.2 are susceptible to multiple cross-site scripting vulnerabilities. These vulnerabilities permit remote attackers to inject arbitrary web scripts or HTML code via the sort_by parameter in the opac-search.pl and catalogue/search.pl scripts. Successful exploitation could lead to session hijacking or redirection of users, thereby compromising sensitive information.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://koha-community.org/koha-3-16-6-release/
x_refsource_CONFIRM
http://www.securityfocus.com/bid/71803
vdb-entryx_refsource_BID
http://koha-community.org/koha-3-18-2-release/
x_refsource_CONFIRM

Timeline

  • Vulnerability Reserved

  • Vulnerability published

JSON
.