Cross-Site Scripting Vulnerability in Koha from ByWater Solutions
CVE-2015-4639

8.8 HIGH

Key Information:

Vendor
Koha
Status
Vendor
CVE Published: 21 July 2017

Summary

A cross-site scripting (XSS) vulnerability in the opac-addbybiblionumber.pl component of Koha allows remote attackers to inject arbitrary web script or HTML through a crafted list name. The injected content runs in the browser of a user who views the affected page, which can lead to unauthorized access and manipulation of the user's browser session for malicious purposes. Affected versions include Koha 3.14.x, 3.16.x, and 3.20.x; users of these versions should upgrade to the patched releases.

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
