302 matches found
EUVD-2022-15632
Malicious code in bioql PyPI...
EUVD-2025-22709
Malicious code in bioql PyPI...
CVE-2025-52360
A Cross-Site Scripting XSS vulnerability exists in the OPAC search feature of Koha Library Management System v24.05. Unsanitized input entered in the search field is reflected in the search history interface, leading to the execution of arbitrary JavaScript in the browser context when the user...
CVE-2025-52360
A Cross-Site Scripting XSS vulnerability exists in the OPAC search feature of Koha Library Management System v24.05. Unsanitized input entered in the search field is reflected in the search history interface, leading to the execution of arbitrary JavaScript in the browser context when the user...
PT-2025-30837 · Koha · Library Management System
Name of the Vulnerable Software and Affected Versions: Koha Library Management System version 24.05 Description: A Cross-Site Scripting XSS vulnerability exists in the OPAC search feature. Unsanitized input entered in the search field is reflected in the search history interface, leading to the...
CVE-2025-52360
A Cross-Site Scripting XSS vulnerability exists in the OPAC search feature of Koha Library Management System v24.05. Unsanitized input entered in the search field is reflected in the search history interface, leading to the execution of arbitrary JavaScript in the browser context when the user...
CVE-2025-52360
A Cross-Site Scripting XSS vulnerability exists in the OPAC search feature of Koha Library Management System v24.05. Unsanitized input entered in the search field is reflected in the search history interface, leading to the execution of arbitrary JavaScript in the browser context when the user...
CVE-2025-52360
CVE-2025-52360 affects Koha Library Management System (OPAC search) v24.05. Unfiltered input in the search field is reflected in the search history UI, enabling execution of arbitrary JavaScript in the browser context when users interact with the interface. The connected sources confirm the vulne...
Koha Library Management System 安全漏洞
Koha Library Management System is a library automation management system from Koha open source. A security vulnerability exists in Koha Library Management System version 24.05, which stems from an improperly cleaned search field entry and could lead to cross-site scripting...
CVE-2024-12915
CVE-2024-12915 is a Reflected Cross-Site Scripting vulnerability in Devinim Software Library Software. The issue arises from improper input neutralization during web page generation, affecting Library Software versions before 24.11.02. The practical impact is a reflected XSS vulnerability. Remedi...
CVE-2024-28740
Cross Site Scripting vulnerability in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via the additonal-contents.pl component...
CVE-2024-28739
An issue in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via a crafted script to the format parameter...
CVE-2024-24337
CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aqbudgets.pl' endpoints in Koha Library Management System version 23.05.05 and earlier allows attackers to to inject DDE commands into csv exports via the 'Budget' and 'Patrons Member' components...
CVE-2024-24336
A multiple Cross-site scripting XSS vulnerability in the '/members/moremember.pl', and ‘/members/members-home.pl’ endpoints within Koha Library Management System version 23.05.05 and earlier allows malicious staff users to carry out CSRF attacks, including unauthorized changes to usernames and...
CVE-2023-44962
File Upload vulnerability in Koha Library Software 23.05.04 and before allows a remote attacker to read arbitrary files via the upload-cover-image.pl component...
CVE-2023-5025
A vulnerability was found in KOHA up to 23.05.03. It has been declared as problematic. This vulnerability affects unknown code of the file /cgi-bin/koha/catalogue/search.pl of the component MARC. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has...
CVE-2018-25101
A vulnerability, which was classified as problematic, has been found in l2c2technologies Koha up to 20180108. This issue affects some unknown processing of the file /cgi-bin/koha/opac-MARCdetail.pl. The manipulation of the argument biblionumber with the input 2" leads to cross site scripting. The...
CVE-2014-9446
Multiple cross-site scripting XSS vulnerabilities in the Staff client in Koha before 3.16.6 and 3.18.x before 3.18.2 allow remote attackers to inject arbitrary web script or HTML via the sortby parameter to the 1 opac parameter in opac-search.pl or 2 intranet parameter in catalogue/search.pl...
Exploit for CVE-2025-22954
Koha CVE-2025-22954: SQL Injection in lateissues-export.pl...
Koha SQL Injection
Koha versions prior to 24.11.02 suffer from a remote SQL injection vulnerability in C4/Serials.pm. Koha CVE-2025-22954: SQL Injection in lateissues-export.pl Overview This repository contains a proof of concept for CVE-2025-22954, a critical severity CVSS 10.0 SQL injection vulnerability in Koha...