Lucene search
K

302 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2022-15632

Malicious code in bioql PyPI...

9.8CVSS9.1AI score0.00638EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-22709

Malicious code in bioql PyPI...

8.8CVSS6.6AI score0.00488EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/07/27 12:20 a.m.11 views

CVE-2025-52360

A Cross-Site Scripting XSS vulnerability exists in the OPAC search feature of Koha Library Management System v24.05. Unsanitized input entered in the search field is reflected in the search history interface, leading to the execution of arbitrary JavaScript in the browser context when the user...

8.8CVSS6.1AI score0.00488EPSS
Exploits0References1
NVD
NVD
added 2025/07/25 3:15 p.m.6 views

CVE-2025-52360

A Cross-Site Scripting XSS vulnerability exists in the OPAC search feature of Koha Library Management System v24.05. Unsanitized input entered in the search field is reflected in the search history interface, leading to the execution of arbitrary JavaScript in the browser context when the user...

8.8CVSS0.00488EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/07/25 12:0 a.m.3 views

PT-2025-30837 · Koha · Library Management System

Name of the Vulnerable Software and Affected Versions: Koha Library Management System version 24.05 Description: A Cross-Site Scripting XSS vulnerability exists in the OPAC search feature. Unsanitized input entered in the search field is reflected in the search history interface, leading to the...

8.8CVSS5.5AI score0.00488EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/07/25 12:0 a.m.10 views

CVE-2025-52360

A Cross-Site Scripting XSS vulnerability exists in the OPAC search feature of Koha Library Management System v24.05. Unsanitized input entered in the search field is reflected in the search history interface, leading to the execution of arbitrary JavaScript in the browser context when the user...

0.00488EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/25 12:0 a.m.3 views

CVE-2025-52360

A Cross-Site Scripting XSS vulnerability exists in the OPAC search feature of Koha Library Management System v24.05. Unsanitized input entered in the search field is reflected in the search history interface, leading to the execution of arbitrary JavaScript in the browser context when the user...

5.6AI score0.00488EPSS
Exploits0References1
CVE
CVE
added 2025/07/25 12:0 a.m.18 views

CVE-2025-52360

CVE-2025-52360 affects Koha Library Management System (OPAC search) v24.05. Unfiltered input in the search field is reflected in the search history UI, enabling execution of arbitrary JavaScript in the browser context when users interact with the interface. The connected sources confirm the vulne...

8.8CVSS6AI score0.00488EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/07/25 12:0 a.m.2 views

Koha Library Management System 安全漏洞

Koha Library Management System is a library automation management system from Koha open source. A security vulnerability exists in Koha Library Management System version 24.05, which stems from an improperly cleaned search field entry and could lead to cross-site scripting...

8.8CVSS6.3AI score0.00488EPSS
Exploits0References2
CVE
CVE
added 2025/06/30 3:43 p.m.16 views

CVE-2024-12915

CVE-2024-12915 is a Reflected Cross-Site Scripting vulnerability in Devinim Software Library Software. The issue arises from improper input neutralization during web page generation, affecting Library Software versions before 24.11.02. The practical impact is a reflected XSS vulnerability. Remedi...

4.6CVSS5.8AI score0.0017EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 10:24 a.m.5 views

CVE-2024-28740

Cross Site Scripting vulnerability in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via the additonal-contents.pl component...

9.6CVSS7.3AI score0.00673EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:24 a.m.9 views

CVE-2024-28739

An issue in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via a crafted script to the format parameter...

9.6CVSS7.8AI score0.17738EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:38 a.m.6 views

CVE-2024-24337

CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aqbudgets.pl' endpoints in Koha Library Management System version 23.05.05 and earlier allows attackers to to inject DDE commands into csv exports via the 'Budget' and 'Patrons Member' components...

8.8CVSS8AI score0.00811EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:28 a.m.5 views

CVE-2024-24336

A multiple Cross-site scripting XSS vulnerability in the '/members/moremember.pl', and ‘/members/members-home.pl’ endpoints within Koha Library Management System version 23.05.05 and earlier allows malicious staff users to carry out CSRF attacks, including unauthorized changes to usernames and...

8.1CVSS7.2AI score0.00363EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:30 a.m.8 views

CVE-2023-44962

File Upload vulnerability in Koha Library Software 23.05.04 and before allows a remote attacker to read arbitrary files via the upload-cover-image.pl component...

5.3CVSS7AI score0.00956EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 2:42 a.m.9 views

CVE-2023-5025

A vulnerability was found in KOHA up to 23.05.03. It has been declared as problematic. This vulnerability affects unknown code of the file /cgi-bin/koha/catalogue/search.pl of the component MARC. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has...

5.4CVSS6.4AI score0.00539EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:29 p.m.6 views

CVE-2018-25101

A vulnerability, which was classified as problematic, has been found in l2c2technologies Koha up to 20180108. This issue affects some unknown processing of the file /cgi-bin/koha/opac-MARCdetail.pl. The manipulation of the argument biblionumber with the input 2" leads to cross site scripting. The...

4CVSS6.3AI score0.0046EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 2:18 a.m.7 views

CVE-2014-9446

Multiple cross-site scripting XSS vulnerabilities in the Staff client in Koha before 3.16.6 and 3.18.x before 3.18.2 allow remote attackers to inject arbitrary web script or HTML via the sortby parameter to the 1 opac parameter in opac-search.pl or 2 intranet parameter in catalogue/search.pl...

4.3CVSS6AI score0.0122EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2025/03/19 10:47 a.m.133 views

Exploit for CVE-2025-22954

Koha CVE-2025-22954: SQL Injection in lateissues-export.pl...

10CVSS8.8AI score0.23247EPSS
Exploits2
Packet Storm
Packet Storm
added 2025/03/19 12:0 a.m.376 views

Koha SQL Injection

Koha versions prior to 24.11.02 suffer from a remote SQL injection vulnerability in C4/Serials.pm. Koha CVE-2025-22954: SQL Injection in lateissues-export.pl Overview This repository contains a proof of concept for CVE-2025-22954, a critical severity CVSS 10.0 SQL injection vulnerability in Koha...

10CVSS8AI score0.23247EPSS
Exploits2
Rows per page
Query Builder