VYPR
Unrated severityNVD Advisory· Published Oct 18, 2018· Updated Aug 6, 2024

CVE-2015-4631

CVE-2015-4631

Description

Multiple cross-site scripting (XSS) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to inject arbitrary web script or HTML via the (1) tag parameter to opac-search.pl; the (2) value parameter to authorities/authorities-home.pl; the (3) delay parameter to acqui/lateorders.pl; the (4) authtypecode or (5) tagfield to admin/auth_subfields_structure.pl; the (6) tagfield parameter to admin/marc_subfields_structure.pl; the (7) limit parameter to catalogue/search.pl; the (8) bookseller_filter, (9) callnumber_filter, (10) EAN_filter, (11) ISSN_filter, (12) publisher_filter, or (13) title_filter parameter to serials/serials-search.pl; or the (14) author, (15) collectiontitle, (16) copyrightdate, (17) isbn, (18) manageddate_from, (19) manageddate_to, (20) publishercode, (21) suggesteddate_from, or (22) suggesteddate_to parameter to suggestion/suggestion.pl; or the (23) direction, (24) display or (25) addshelf parameter to opac-shelves.pl.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Koha/Kohainferred2 versions
    >=3.14.0,<3.14.16 || >=3.16.0,<3.16.12 || >=3.18.0,<3.18.08 || >=3.20.0,<3.20.1+ 1 more
    • (no CPE)range: >=3.14.0,<3.14.16 || >=3.16.0,<3.16.12 || >=3.18.0,<3.18.08 || >=3.20.0,<3.20.1
    • (no CPE)range: <3.14.16, <3.16.12, <3.18.08, <3.20.1

Patches

Vulnerability mechanics

References

11

News mentions

0

No linked articles in our index yet.