4 matches found
CVE-2014-9446
Multiple cross-site scripting XSS vulnerabilities in the Staff client in Koha before 3.16.6 and 3.18.x before 3.18.2 allow remote attackers to inject arbitrary web script or HTML via the sortby parameter to the 1 opac parameter in opac-search.pl or 2 intranet parameter in catalogue/search.pl...
Koha < 3.16.6, 3.18.x < 3.18.2 Multiple XSS Vulnerabilities - Active Check
Koha is prone to multiple cross-site scripting XSS vulnerabilities. Copyright C 2015 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...
CVE-2014-9446
Multiple cross-site scripting XSS vulnerabilities in the Staff client in Koha before 3.16.6 and 3.18.x before 3.18.2 allow remote attackers to inject arbitrary web script or HTML via the sortby parameter to the 1 opac parameter in opac-search.pl or 2 intranet parameter in catalogue/search.pl...
CVE-2014-9446
Koha vulnerability CVE-2014-9446 affects the Staff client in Koha versions prior to 3.16.6 and 3.18.x prior to 3.18.2. The issue is multiple cross-site scripting (XSS) flaws that allow remote attackers to inject arbitrary script/HTML via the sort_by parameter to (1) opac-search.pl (opac) or (2) c...