2 matches found
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to 1 hijack the authentication of administrators for requests that create a user via a request to...
CVE-2015-4631
Multiple cross-site scripting XSS vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to inject arbitrary web script or HTML via the 1 tag parameter to opac-search.pl; the 2 value parameter to...