Cross-Site Request Forgery Vulnerabilities in Koha Library Software
CVE-2015-4630
8HIGH
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities exist in Koha's Integrated Library System, impacting several versions. Attackers can exploit these vulnerabilities to hijack the authentication of administrators, allowing unauthorized user creation or modification of permissions. Additionally, the vulnerabilities may facilitate XSS attacks, posing a significant risk to the integrity and security of user data and library management functionalities.
References
CVSS V3.1
Score:
8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved