VYPR
Medium severity 6.1 · OSV Advisory · Published Sep 6, 2018 · Updated Jun 17, 2026

CVE-2018-1000670

Description

Koha Library System versions 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contain a Cross-Site Scripting (XSS) vulnerability in multiple fields on multiple pages, including /cgi-bin/koha/acqui/supplier.pl?op=enter, /cgi-bin/koha/circ/circulation.pl?borrowernumber=[number], and /cgi-bin/koha/serials/subscription-add.pl, that can result in privilege escalation by taking control of higher-privileged users' browser sessions. The attack appears to be exploitable when victims are socially engineered into visiting a vulnerable webpage containing a malicious payload. This vulnerability appears to have been fixed in 17.11.

Affected products

2
  • Koha/Koha · OSV · 2 versions
    R_1-2-2RC4, R_1-3-0, R_1-3-1, … + 1 more
    • (no CPE) range: R_1-2-2RC4, R_1-3-0, R_1-3-1, …
    • (no CPE) range: <16.11.13, <17.05.05

References

1
