4 matches found
Koha 3.20.1 - Directory Traversal
Koha 3.20.1 - Directory Traversal Exploit Title: Koha Open Source ILS - Path Traversal in STAFF client Google Dork: Date: 25/06/2015 Exploit Author: Raschin Tavakoli, Bernhard Garn, Peter Aufner and Dimitris Simos - Combinatorial Security Testing Group of SBA Research [email protected] Vendor...
CVE-2014-9446
Multiple cross-site scripting XSS vulnerabilities in the Staff client in Koha before 3.16.6 and 3.18.x before 3.18.2 allow remote attackers to inject arbitrary web script or HTML via the sortby parameter to the 1 opac parameter in opac-search.pl or 2 intranet parameter in catalogue/search.pl...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the Staff client in Koha before 3.16.6 and 3.18.x before 3.18.2 allow remote attackers to inject arbitrary web script or HTML via the sortby parameter to the 1 opac parameter in opac-search.pl or 2 intranet parameter in catalogue/search.pl...
CVE-2014-9446
Koha vulnerability CVE-2014-9446 affects the Staff client in Koha versions prior to 3.16.6 and 3.18.x prior to 3.18.2. The issue is multiple cross-site scripting (XSS) flaws that allow remote attackers to inject arbitrary script/HTML via the sort_by parameter to (1) opac-search.pl (opac) or (2) c...