CVE-2015-4631

🗓️ 18 Oct 2018 20:00:00Reported by mitreType

cve

cve🔗 web.nvd.nist.gov👁 48 Views🌐 WEB

CVE-2015-4631 XSS vulnerabilities in Koha 3.

Reporter	Title	Published	Views	Family All 9
0day.today	Koha 3.20.1 - Multiple XSS and XSRF Vulnerabilities	26 Jun 201500:00	–	zdt
Circl	CVE-2015-4631	19 Oct 201800:23	–	circl
Cvelist	CVE-2015-4631	18 Oct 201820:00	–	cvelist
Exploit DB	Koha 3.20.1 - Multiple Cross-Site Scripting / Cross-Site Request Forgery Vulnerabilities	26 Jun 201500:00	–	exploitdb
EUVD	EUVD-2015-4650	7 Oct 202500:30	–	euvd
exploitpack	Koha 3.20.1 - Multiple Cross-Site Scripting Cross-Site Request Forgery Vulnerabilities	26 Jun 201500:00	–	exploitpack
NVD	CVE-2015-4631	18 Oct 201821:29	–	nvd
Packet Storm	Koha ILS 3.20.x CSRF / XSS / Traversal / SQL Injection	26 Jun 201500:00	–	packetstorm
Prion	Cross site scripting	18 Oct 201821:29	–	prion

NVD

Node

koha kohaRange3.14.00–3.14.16

OR

koha kohaRange3.16.00–3.16.12

OR

koha kohaRange3.18.0–3.18.8

OR

koha kohaRange3.20.00–3.20.1

Source	Link
bugs	www.bugs.koha-community.org/bugzilla3/show_bug.cgi
sba-research	www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/
packetstormsecurity	www.packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html
seclists	www.seclists.org/fulldisclosure/2015/Jun/80
koha-community	www.koha-community.org/security-release-koha-3-18-8/
exploit-db	www.exploit-db.com/exploits/37389/
koha-community	www.koha-community.org/security-release-koha-3-20-1/
koha-community	www.koha-community.org/security-release-koha-3-16-12/
bugs	www.bugs.koha-community.org/bugzilla3/show_bug.cgi
koha-community	www.koha-community.org/koha-3-14-16-released/

Parameter	Position	Path	Description	CWE
direction	query param	cgi-bin/koha/opac-shelves.pl	Reflective XSS via opac-shelves.pl parameters direction/display	CWE-79
display	query param	cgi-bin/koha/opac-shelves.pl	Reflective XSS via opac-shelves.pl parameters direction/display	CWE-79
tag	query param	cgi-bin/koha/opac-search.pl	Reflective XSS via opac-search.pl parameter tag	CWE-79
value	query param	cgi-bin/koha/authorities/authorities-home.pl	Reflective XSS via authorities-home.pl parameter value	CWE-79
delay	query param	cgi-bin/koha/acqui/lateorders.pl	Reflective XSS via lateorders.pl parameter delay	CWE-79
authtypecode	query param	cgi-bin/koha/admin/auth_subfields_structure.pl	Reflective XSS via auth_subfields_structure.pl parameters authtypecode/tagfield	CWE-79
tagfield	query param	cgi-bin/koha/admin/auth_subfields_structure.pl	Reflective XSS via auth_subfields_structure.pl parameters authtypecode/tagfield	CWE-79
tagfield	query param	cgi-bin/koha/admin/marc_subfields_structure.pl	Reflective XSS via marc_subfields_structure.pl parameter tagfield	CWE-79
limit	query param	cgi-bin/koha/catalogue/search.pl	Reflective XSS via catalogue/search.pl parameter limit	CWE-79
bookseller_filter	query param	cgi-bin/koha/serials/serials-search.pl	Reflective XSS via serials-search.pl parameters	CWE-79

17 Jun 2026 00:27Current

6.8Medium risk

Vulners AI Score6.8

CVSS 23.5

CVSS 35.4

EPSS0.03711

cve-2015-4631 xss koha 3.x security vulnerability cross-site scripting