Back

CVE-2018-25101

April 22, 2024, 1:28 p.m.

Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.

Products

Koha

  • up to 20180108

Source

cna@vuldb.com

Tags

CVE-2018-25101 details

Published : April 22, 2024, 2:15 a.m.
Last Modified : April 22, 2024, 1:28 p.m.

Description

A vulnerability, which was classified as problematic, has been found in l2c2technologies Koha up to 20180108. This issue affects some unknown processing of the file /cgi-bin/koha/opac-MARCdetail.pl. The manipulation of the argument biblionumber with the input 2"><TEST> leads to cross site scripting. The attack may be initiated remotely. The identifier of the patch is 950fc8e101886821879066b33e389a47fb0a9782. It is recommended to upgrade the affected component. The identifier VDB-261677 was assigned to this vulnerability.

CVSS Score

1 2 3.5 4 5 6 7 8 9 10

Weakness

Weakness Name Description

CVSS Data

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

Base Score

3.5

Exploitability Score

Impact Score

Base Severity

LOW

Vector String : CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

References

URL Source
https://github.com/l2c2technologies/Koha/commit/950fc8e101886821879066b33e389a47fb0a9782 cna@vuldb.com
https://vuldb.com/?ctiid.261677 cna@vuldb.com
https://vuldb.com/?id.261677 cna@vuldb.com
This website uses the NVD API, but is not approved or certified by it.