Cross-Site Request Forgery Vulnerabilities in Koha Library Software

CVE-2015-4630

What is CVE-2015-4630?

Multiple cross-site request forgery (CSRF) vulnerabilities exist in Koha's Integrated Library System, impacting several versions. Attackers can exploit these vulnerabilities to hijack the authentication of administrators, allowing unauthorized user creation or modification of permissions. Additionally, the vulnerabilities may facilitate XSS attacks, posing a significant risk to the integrity and security of user data and library management functionalities.

References