21 matches found

NVD
added 5 days ago · 6 views

CVE-2026-50765

A stored cross-site scripting (XSS) vulnerability in the patron restriction type administration page of Koha Library Management System 0 through 25.11 versions allows an authenticated remote attacker with administrator privileges to inject arbitrary web scripts via the restriction type label...

CVSS 6.1 · EPSS 0.00224
Exploits: 0 · References: 2

Vulnrichment
added 5 days ago · 5 views

CVE-2026-50767

A stored cross-site scripting (XSS) vulnerability in the item type administration page of Koha Library Management System 0 through 25.11 versions allows an authenticated remote attacker with administrator privileges to inject arbitrary web scripts via the item type check-in message field (checkinmsg)...

AI score 5.8 · EPSS 0.002
Exploits: 0 · References: 2

Cvelist
added 5 days ago · 21 views

CVE-2026-50765

A stored cross-site scripting (XSS) vulnerability in the patron restriction type administration page of Koha Library Management System 0 through 25.11 versions allows an authenticated remote attacker with administrator privileges to inject arbitrary web scripts via the restriction type label...

EPSS 0.00224
Exploits: 0 · References: 2

CNNVD
added 2026/04/07 12:0 a.m. · 8 views

Koha Library Management System security vulnerability

Koha Library Management System is an open-source library automation system developed by Koha. Versions of the Koha Library Management System prior to 23.05.10 contained security vulnerabilities. These vulnerabilities stemmed from the improper handling of the POST parameter biblist, which could le...

CVSS 9.8 · AI score 5.9 · EPSS 0.00478
Exploits: 1 · References: 4

EUVD
added 2025/10/03 8:7 p.m. · 6 views

EUVD-2025-22709

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 6.6 · EPSS 0.00488
Exploits: 0 · References: 1

RedhatCVE
added 2025/07/27 12:20 a.m. · 9 views

CVE-2025-52360

A Cross-Site Scripting (XSS) vulnerability exists in the OPAC search feature of Koha Library Management System v24.05. Unsanitized input entered in the search field is reflected in the search history interface, leading to the execution of arbitrary JavaScript in the browser context when the user...

CVSS 8.8 · AI score 6.1 · EPSS 0.00488
Exploits: 0 · References: 1

NVD
added 2025/07/25 3:15 p.m. · 3 views

CVE-2025-52360

A Cross-Site Scripting (XSS) vulnerability exists in the OPAC search feature of Koha Library Management System v24.05. Unsanitized input entered in the search field is reflected in the search history interface, leading to the execution of arbitrary JavaScript in the browser context when the user...

CVSS 8.8 · EPSS 0.00488
Exploits: 0 · References: 1

Cvelist
added 2025/07/25 12:0 a.m. · 8 views

CVE-2025-52360

A Cross-Site Scripting (XSS) vulnerability exists in the OPAC search feature of Koha Library Management System v24.05. Unsanitized input entered in the search field is reflected in the search history interface, leading to the execution of arbitrary JavaScript in the browser context when the user...

EPSS 0.00488
Exploits: 0 · References: 1

Vulnrichment
added 2025/07/25 12:0 a.m. · 2 views

CVE-2025-52360

A Cross-Site Scripting (XSS) vulnerability exists in the OPAC search feature of Koha Library Management System v24.05. Unsanitized input entered in the search field is reflected in the search history interface, leading to the execution of arbitrary JavaScript in the browser context when the user...

AI score 5.6 · EPSS 0.00488
Exploits: 0 · References: 1

Positive Technologies
added 2025/07/25 12:0 a.m. · 3 views

PT-2025-30837 · Koha · Library Management System

Name of the Vulnerable Software and Affected Versions: Koha Library Management System version 24.05
Description: A Cross-Site Scripting (XSS) vulnerability exists in the OPAC search feature. Unsanitized input entered in the search field is reflected in the search history interface, leading to the...

CVSS 8.8 · AI score 5.5 · EPSS 0.00488
Exploits: 0 · References: 2

CVE
added 2025/07/25 12:0 a.m. · 17 views

CVE-2025-52360

CVE-2025-52360 affects Koha Library Management System (OPAC search) v24.05. Unfiltered input in the search field is reflected in the search history UI, enabling execution of arbitrary JavaScript in the browser context when users interact with the interface. The connected sources confirm the vulne...

CVSS 8.8 · AI score 6 · EPSS 0.00488
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 9:38 a.m. · 5 views

CVE-2024-24337

CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aqbudgets.pl' endpoints in Koha Library Management System version 23.05.05 and earlier allows attackers to inject DDE commands into csv exports via the 'Budget' and 'Patrons Member' components...

CVSS 8.8 · AI score 8 · EPSS 0.00811
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/23 7:28 a.m. · 5 views

CVE-2024-24336

A multiple Cross-site scripting (XSS) vulnerability in the '/members/moremember.pl' and '/members/members-home.pl' endpoints within Koha Library Management System version 23.05.05 and earlier allows malicious staff users to carry out CSRF attacks, including unauthorized changes to usernames and...

CVSS 8.1 · AI score 7.2 · EPSS 0.00363
Exploits: 0 · References: 1

Cvelist
added 2024/03/19 12:0 a.m. · 14 views

CVE-2024-24336

A multiple Cross-site scripting (XSS) vulnerability in the '/members/moremember.pl' and '/members/members-home.pl' endpoints within Koha Library Management System version 23.05.05 and earlier allows malicious staff users to carry out CSRF attacks, including unauthorized changes to usernames and...

AI score 6 · EPSS 0.00363
Exploits: 0 · References: 2

Vulnrichment
added 2024/03/19 12:0 a.m. · 14 views

CVE-2024-24336

A multiple Cross-site scripting (XSS) vulnerability in the '/members/moremember.pl' and '/members/members-home.pl' endpoints within Koha Library Management System version 23.05.05 and earlier allows malicious staff users to carry out CSRF attacks, including unauthorized changes to usernames and...

AI score 6.2 · EPSS 0.00363
Exploits: 0 · References: 2

CVE
added 2024/03/19 12:0 a.m. · 49 views

CVE-2024-24336

CVE-2024-24336 describes a multiple XSS vulnerability in Koha Library Management System (versions 23.05.05 and earlier) affecting the endpoints /members/moremember.pl and /members/members-home.pl. The underlying issue allows malicious staff users to perform CSRF actions that can change usernames ...

CVSS 8.1 · AI score 6 · EPSS 0.00363
Exploits: 0 · References: 2

OSV
added 2024/02/12 10:15 p.m. · 12 views

CVE-2024-24337

CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aqbudgets.pl' endpoints in Koha Library Management System version 23.05.05 and earlier allows attackers to inject DDE commands into csv exports via the 'Budget' and 'Patrons Member' components...

CVSS 8 · AI score 7.3 · EPSS 0.00811
Exploits: 1 · References: 2

Prion
added 2024/02/12 10:15 p.m. · 13 views

Input validation

CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aqbudgets.pl' endpoints in Koha Library Management System version 23.05.05 and earlier allows attackers to inject DDE commands into csv exports via the 'Budget' and 'Patrons Member' components...

AI score 7.6 · EPSS 0.00811
Exploits: 1 · References: 1

Cvelist
added 2024/02/12 12:0 a.m. · 30 views

CVE-2024-24337

CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aqbudgets.pl' endpoints in Koha Library Management System version 23.05.05 and earlier allows attackers to inject DDE commands into csv exports via the 'Budget' and 'Patrons Member' components...

AI score 7.3 · EPSS 0.00811
Exploits: 1 · References: 2

Vulnrichment
added 2024/02/12 12:0 a.m. · 10 views

CVE-2024-24337

CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aqbudgets.pl' endpoints in Koha Library Management System version 23.05.05 and earlier allows attackers to inject DDE commands into csv exports via the 'Budget' and 'Patrons Member' components...

AI score 7.4 · EPSS 0.00811
Exploits: 1 · References: 2