ID
VAR-190001-0418
TITLE
Koha OPAC Multiple Cross-Site Scripting Vulnerabilities
Trust: 0.6
DESCRIPTION
Koha is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input to the OPAC (Online Public Access Catalog) interface. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. Versions prior to Koha 3.4.2 are vulnerable.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | koha | model: | library software community koha | scope: | eq | version: | 3.4.1 | Trust: 0.3 |
| vendor: | koha | model: | library software community koha | scope: | ne | version: | 3.4.2 | Trust: 0.3 |
THREAT TYPE
remote
Trust: 0.6
TYPE
XSS
Trust: 0.6
EXTERNAL IDS
| db: | BID | id: | 48895 | Trust: 0.9 |
| db: | CNNVD | id: | CNNVD-201107-405 | Trust: 0.6 |
REFERENCES
| url: | http://www.securityfocus.com/bid/48895 | Trust: 0.6 |
| url: | http://en.securitylab.ru/lab/pt-2011-05 | Trust: 0.3 |
| url: | http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6518 | Trust: 0.3 |
| url: | http://koha-community.org/koha-3-4-2/ | Trust: 0.3 |
| url: | http://koha-community.org/ | Trust: 0.3 |
| url: | /archive/1/519000 | Trust: 0.3 |
CREDITS
Yuri Goltsev of Positive Research Lab.
Trust: 0.9
SOURCES
| db: | BID | id: | 48895 |
| db: | CNNVD | id: | CNNVD-201107-405 |
LAST UPDATE DATE
2022-05-17T01:57:30.732000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 48895 | date: | 2011-07-26T00:00:00 |
| db: | CNNVD | id: | CNNVD-201107-405 | date: | 2011-07-28T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 48895 | date: | 2011-07-26T00:00:00 |
| db: | CNNVD | id: | CNNVD-201107-405 | date: | 1900-01-01T00:00:00 |