CVE-2015-4631

Multiple cross-site scripting (XSS) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to inject arbitrary web script or HTML via the (1) tag parameter to opac-search.pl; the (2) value parameter to authorities/authorities-home.pl; the (3) delay parameter to acqui/lateorders.pl; the (4) authtypecode or (5) tagfield to admin/auth_subfields_structure.pl; the (6) tagfield parameter to admin/marc_subfields_structure.pl; the (7) limit parameter to catalogue/search.pl; the (8) bookseller_filter, (9) callnumber_filter, (10) EAN_filter, (11) ISSN_filter, (12) publisher_filter, or (13) title_filter parameter to serials/serials-search.pl; or the (14) author, (15) collectiontitle, (16) copyrightdate, (17) isbn, (18) manageddate_from, (19) manageddate_to, (20) publishercode, (21) suggesteddate_from, or (22) suggesteddate_to parameter to suggestion/suggestion.pl; or the (23) direction, (24) display or (25) addshelf parameter to opac-shelves.pl.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*
cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*
cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*
cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*

Information

Published : 2018-10-18 14:29

Updated : 2018-12-04 12:01


NVD link : CVE-2015-4631

Mitre link : CVE-2015-4631


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

koha

  • koha