Lucene search
K

149 matches found

OSV
OSV
added 2026/06/26 12:0 a.m.3 views

CVE-2026-50766

A stored cross-site scripting XSS vulnerability in the OPAC item detail page of Koha Library Management System 0 through 25.11 versions allow an authenticated remote attacker with edititems permission to inject arbitrary web scripts via the item public notes field items.itemnotes...

5.4CVSS5.9AI score0.00196EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.15 views

PT-2026-52982

Name of the Vulnerable Software and Affected Versions Koha Library Management System versions 0 through 25.11 Description A stored cross-site scripting XSS issue exists in the OPAC item detail page. An authenticated remote attacker with edit items permission can inject arbitrary web scripts throu...

5.4CVSS5.8AI score0.00196EPSS
Exploits1References6
CVE
CVE
added 2026/06/26 12:0 a.m.9 views

CVE-2026-50766

CVE-2026-50766 is a stored XSS vulnerability in the Koha Library Management System (OPAC item detail page) up to version 25.11. An authenticated user with the ability to edit items can inject arbitrary web scripts via the item public notes field (items.itemnotes). The connected documents confirm ...

5.4CVSS5.8AI score0.00196EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/26 12:0 a.m.5 views

CVE-2026-50766

A stored cross-site scripting XSS vulnerability in the OPAC item detail page of Koha Library Management System 0 through 25.11 versions allow an authenticated remote attacker with edititems permission to inject arbitrary web scripts via the item public notes field items.itemnotes...

5.4CVSS5.8AI score0.00196EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/06/26 12:0 a.m.6 views

CVE-2026-50766

A stored cross-site scripting XSS vulnerability in the OPAC item detail page of Koha Library Management System 0 through 25.11 versions allow an authenticated remote attacker with edititems permission to inject arbitrary web scripts via the item public notes field items.itemnotes...

5.8AI score0.00196EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/04/08 5:0 a.m.7 views

CVE-2024-36058

The Send Basket functionality in Koha Library before 23.05.10 is susceptible to Time-Based SQL Injection because it fails to sanitize the POST parameter biblist in /cgi-bin/koha/opac-sendbasket.pl, allowing library users to read arbitrary data from the database...

9.8CVSS6.1AI score0.00478EPSS
Exploits1References1
NVD
NVD
added 2026/04/07 5:16 p.m.3 views

CVE-2024-36058

The Send Basket functionality in Koha Library before 23.05.10 is susceptible to Time-Based SQL Injection because it fails to sanitize the POST parameter biblist in /cgi-bin/koha/opac-sendbasket.pl, allowing library users to read arbitrary data from the database...

9.8CVSS0.00478EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/04/07 12:0 a.m.3 views

CVE-2024-36058

The Send Basket functionality in Koha Library before 23.05.10 is susceptible to Time-Based SQL Injection because it fails to sanitize the POST parameter biblist in /cgi-bin/koha/opac-sendbasket.pl, allowing library users to read arbitrary data from the database...

6.1AI score0.00478EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.4 views

PT-2026-30881

The Send Basket functionality in Koha Library before 23.05.10 is susceptible to Time-Based SQL Injection because it fails to sanitize the POST parameter bib list in /cgi-bin/koha/opac-sendbasket.pl, allowing library users to read arbitrary data from the database...

6.1AI score0.00478EPSS
Exploits1References5
CVE
CVE
added 2026/04/07 12:0 a.m.8 views

CVE-2024-36058

CVE-2024-36058 (Koha) is a time-based SQL injection affecting the Send Basket feature. Vulnerable in Koha Library before 23.05.10, the issue stems from unsanitized POST parameter bib_list in /cgi-bin/koha/opac-sendbasket.pl, enabling a library user to read arbitrary data from the database. Multip...

9.8CVSS6.1AI score0.00478EPSS
Exploits1References4
OSV
OSV
added 2026/04/07 12:0 a.m.1 views

CVE-2024-36058

The Send Basket functionality in Koha Library before 23.05.10 is susceptible to Time-Based SQL Injection because it fails to sanitize the POST parameter biblist in /cgi-bin/koha/opac-sendbasket.pl, allowing library users to read arbitrary data from the database...

9.8CVSS6.2AI score0.00478EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/11/27 4:59 p.m.12 views

CVE-2025-61167

SIGB PMB v8.0.1.14 was discovered to contain multiple SQL injection vulnerabilities in the /opaccss/ajaxselector.php component via the id and datas parameters...

6.5CVSS8.4AI score0.00183EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/25 9:32 p.m.6 views

EUVD-2025-199634

SIGB PMB v8.0.1.14 was discovered to contain multiple SQL injection vulnerabilities in the /opaccss/ajaxselector.php component via the id and datas parameters...

6.5CVSS7.9AI score0.00183EPSS
Exploits0References5
OSV
OSV
added 2025/11/25 7:15 p.m.5 views

CVE-2025-61167

SIGB PMB v8.0.1.14 was discovered to contain multiple SQL injection vulnerabilities in the /opaccss/ajaxselector.php component via the id and datas parameters...

6.5CVSS5.8AI score0.00183EPSS
Exploits0References4
CVE
CVE
added 2025/11/25 12:0 a.m.10 views

CVE-2025-61167

SIGB PMB v8.0.1.14 contains multiple SQL injection vulnerabilities in the /opac_css/ajax_selector.php component, exploitable via the id and datas parameters. Root cause: improper handling of user-supplied input in that endpoint allows SQL commands to be injected, potentially leading to unauthoriz...

6.5CVSS8.1AI score0.00183EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/11/25 12:0 a.m.6 views

PT-2025-48069

Name of the Vulnerable Software and Affected Versions SIGB PMB version 8.0.1.14 Description The software contains multiple SQL injection flaws in the /opac css/ajax selector.php component. These flaws are triggered through the id and datas parameters. The component is susceptible to manipulation...

6.5CVSS7.6AI score0.00183EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/11/25 12:0 a.m.7 views

SIGB PMB 安全漏洞

SIGB PMB is an open source integrated library management system from SIGB. A security vulnerability exists in SIGB PMB version v8.0.1.14, which stems from improper handling of the parameters id and datas in the component /opaccss/ajaxselector.php, which could lead to a SQL injection attack...

6.5CVSS7.7AI score0.00183EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2015-4652

Malware in sbrugna...

9.8CVSS9.3AI score0.06022EPSS
Exploits8References12
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-13853

Malware in sbrugna...

4CVSS4.6AI score0.0046EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-9181

Malware in sbrugna...

9.8CVSS9.5AI score0.02839EPSS
Exploits1References2
Rows per page
Query Builder