Koha 安全漏洞

Koha is a library automation management system developed by the Koha organization. Versions of Koha prior to 25.11 contained a security vulnerability, which stemmed from a cross-site scripting vulnerability in the News feature. This vulnerability could allow remote attackers to execute arbitrary...

CVE-2026-26377

Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via the News function...

CVE-2018-1000670

KOHA Library System version 16.11.x up until 16.11.13 and 17.05.x up until 17.05.05 contains a Cross Site Scripting XSS vulnerability in Multiple fields on multiple pages including /cgi-bin/koha/acqui/supplier.pl?op=enter , /cgi-bin/koha/circ/circulation.pl?borrowernumber=number ,...

CVE-2018-1000669

KOHA Library System version 16.11.x up until 16.11.13 and 17.05.x up until 17.05.05 contains a Cross Site Request Forgery CSRF vulnerability in /cgi-bin/koha/members/paycollect.pl Parameters affected: borrowernumber, amount, amountoutstanding, paid that can result in Attackers can mark payments a...

EUVD-2018-1999

Malware in sbrugna...

EUVD-2018-1998

Malware in sbrugna...

EUVD-2022-15632

Malicious code in bioql PyPI...

PT-2024-22550 · Koha Ils · Koha Ils

Name of the Vulnerable Software and Affected Versions: Koha ILS versions 23.05 and earlier Description: The issue allows a remote attacker to execute arbitrary code via a crafted script to the format parameter. Recommendations: For versions 23.05 and earlier, update to a version that contains a f...

CVE-2024-24336

A multiple Cross-site scripting XSS vulnerability in the '/members/moremember.pl', and ‘/members/members-home.pl’ endpoints within Koha Library Management System version 23.05.05 and earlier allows malicious staff users to carry out CSRF attacks, including unauthorized changes to usernames and...

Koha Library Management System Cross-Site Scripting Vulnerability

Library Management System is a library management system with QR code attendance and automatic library card generation by King Albaracin Individual Developer. A cross-site scripting vulnerability exists in Koha Library Management System version 23.05.05 and earlier, which stems from a cross-site...

KOHA Cross-Site Scripting Vulnerability

KOHA is a library automation system product by Parantez Teknoloji Individual Developer A cross-site scripting vulnerability exists in KOHA version 23.05.03 and earlier, which stems from a cross-site scripting XSS vulnerability in the component MARC...

CVE-2022-0495

The library automation system product KOHA developed by Parantez Teknoloji before version 19.05.03 has an unauthenticated SQL Injection vulnerability. This has been fixed in the version 19.05.03.01...

CVE-2018-1000669

KOHA Library System version 16.11.x up until 16.11.13 and 17.05.x up until 17.05.05 contains a Cross Site Request Forgery CSRF vulnerability in /cgi-bin/koha/members/paycollect.pl Parameters affected: borrowernumber, amount, amountoutstanding, paid that can result in Attackers can mark payments a...

Cross site scripting

KOHA Library System version 16.11.x up until 16.11.13 and 17.05.x up until 17.05.05 contains a Cross Site Scripting XSS vulnerability in Multiple fields on multiple pages including /cgi-bin/koha/acqui/supplier.pl?op=enter , /cgi-bin/koha/circ/circulation.pl?borrowernumber=number ,...

CVE-2018-1000669

KOHA Library System version 16.11.x up until 16.11.13 and 17.05.x up until 17.05.05 contains a Cross Site Request Forgery CSRF vulnerability in /cgi-bin/koha/members/paycollect.pl Parameters affected: borrowernumber, amount, amountoutstanding, paid that can result in Attackers can mark payments a...

Cross site request forgery (csrf)

KOHA Library System version 16.11.x up until 16.11.13 and 17.05.x up until 17.05.05 contains a Cross Site Request Forgery CSRF vulnerability in /cgi-bin/koha/members/paycollect.pl Parameters affected: borrowernumber, amount, amountoutstanding, paid that can result in Attackers can mark payments a...

CVE-2018-1000669

CVE-2018-1000669 | KOHA Library System contains a CSRF vulnerability in /cgi-bin/koha/members/paycollect.pl affecting borrowernumber, amount, amountoutstanding, and paid. An attacker can result in marking payments as paid for certain users on behalf of Administrators, via a socially engineered li...

CVE-2018-1000670

KOHA Library System versions 16.11.x (up to 16.11.13) and 17.05.x (up to 17.05.05) are affected by a Cross Site Scripting (XSS) vulnerability in multiple fields across several pages (e.g., /cgi-bin/koha/acqui/supplier.pl?op=enter, /cgi-bin/koha/circ/circulation.pl?borrowernumber=[number], /cgi-bi...

CVE-2018-1000670

KOHA Library System version 16.11.x up until 16.11.13 and 17.05.x up until 17.05.05 contains a Cross Site Scripting XSS vulnerability in Multiple fields on multiple pages including /cgi-bin/koha/acqui/supplier.pl?op=enter , /cgi-bin/koha/circ/circulation.pl?borrowernumber=number ,...