Cross-Site Scripting Vulnerabilities in Koha Library Software
CVE-2014-9446
Currently unrated
Summary
Koha library software versions before 3.16.6 and 3.18.x before 3.18.2 are susceptible to multiple cross-site scripting vulnerabilities. These vulnerabilities permit remote attackers to inject arbitrary web scripts or HTML code via the sort_by parameter in the opac-search.pl and catalogue/search.pl scripts. Successful exploitation could lead to session hijacking or redirection of users, thereby compromising sensitive information.
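An added example, not part of the original advisory or of Koha's code: a log check that flags requests to the two scripts named above whose decoded sort_by value is anything other than a plain token. The token pattern, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Scripts the advisory names as accepting the affected parameter.
AFFECTED_SCRIPTS = ("/opac-search.pl", "/catalogue/search.pl")
# Assumption: a legitimate sort_by value is a short word-like token.
SAFE_SORT_BY = re.compile(r"[A-Za-z0-9_-]{1,64}")
# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')


def suspicious_sort_by(log_line):
    """Return decoded sort_by values on one log line that are not plain tokens."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.endswith(AFFECTED_SCRIPTS):
        return []
    # parse_qsl percent-decodes, so encoded markup is checked in decoded form.
    return [value
            for key, value in parse_qsl(url.query)
            if key == "sort_by" and not SAFE_SORT_BY.fullmatch(value)]


def scan(lines):
    """Map 1-based line numbers to the flagged sort_by values on that line."""
    findings = {}
    for number, line in enumerate(lines, start=1):
        flagged = suspicious_sort_by(line)
        if flagged:
            findings[number] = flagged
    return findings


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2015:10:00:00 +0000] "GET /cgi-bin/koha/opac-search.pl?q=history&sort_by=title_az HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2015:10:00:05 +0000] "GET /cgi-bin/koha/opac-search.pl?q=history&sort_by=%22%3E%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 5090',
    '192.0.2.12 - - [01/Jan/2015:10:00:09 +0000] "GET /cgi-bin/koha/catalogue/search.pl?idx=kw&q=maps&sort_by=pubdate_dsc%3Cbr%3E HTTP/1.1" 200 7301',
    '192.0.2.13 - - [01/Jan/2015:10:00:12 +0000] "GET /cgi-bin/koha/opac-detail.pl?biblionumber=1&sort_by=%3Cb%3E HTTP/1.1" 200 2044',
]

if __name__ == "__main__":
    for line_number, values in scan(SAMPLE_LOG).items():
        print(line_number, values)
```

A hit only shows that markup-like input reached the parameter; whether it was reflected depends on the Koha version that served the request.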