4 matches found
CVE-2014-9446
Multiple cross-site scripting XSS vulnerabilities in the Staff client in Koha before 3.16.6 and 3.18.x before 3.18.2 allow remote attackers to inject arbitrary web script or HTML via the sortby parameter to the 1 opac parameter in opac-search.pl or 2 intranet parameter in catalogue/search.pl...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the Staff client in Koha before 3.16.6 and 3.18.x before 3.18.2 allow remote attackers to inject arbitrary web script or HTML via the sortby parameter to the 1 opac parameter in opac-search.pl or 2 intranet parameter in catalogue/search.pl...
CVE-2014-9446
Multiple cross-site scripting XSS vulnerabilities in the Staff client in Koha before 3.16.6 and 3.18.x before 3.18.2 allow remote attackers to inject arbitrary web script or HTML via the sortby parameter to the 1 opac parameter in opac-search.pl or 2 intranet parameter in catalogue/search.pl...
CVE-2014-9446
Koha vulnerability CVE-2014-9446 affects the Staff client in Koha versions prior to 3.16.6 and 3.18.x prior to 3.18.2. The issue is multiple cross-site scripting (XSS) flaws that allow remote attackers to inject arbitrary script/HTML via the sort_by parameter to (1) opac-search.pl (opac) or (2) c...