Products
Koha
- up to 20180108
Source
cna@vuldb.com
Tags
CVE-2018-25101 details
Last Modified : April 22, 2024, 1:28 p.m.
Description
A vulnerability, which was classified as problematic, has been found in l2c2technologies Koha up to 20180108. This issue affects some unknown processing of the file /cgi-bin/koha/opac-MARCdetail.pl. The manipulation of the argument biblionumber with the input 2"><TEST> leads to cross site scripting. The attack may be initiated remotely. The identifier of the patch is 950fc8e101886821879066b33e389a47fb0a9782. It is recommended to upgrade the affected component. The identifier VDB-261677 was assigned to this vulnerability.
CVSS Score
1 | 2 | 3.5 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
Base Score
3.5
Exploitability Score
Impact Score
Base Severity
LOW
Vector String : CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
References
URL | Source |
---|---|
https://github.com/l2c2technologies/Koha/commit/950fc8e101886821879066b33e389a47fb0a9782 | cna@vuldb.com |
https://vuldb.com/?ctiid.261677 | cna@vuldb.com |
https://vuldb.com/?id.261677 | cna@vuldb.com |