VYPR

Koha

by Koha

Source repositories

CVEs (31)

  • CVE-2026-26377Mar 5, 2026
    risk 0.00cvss epss 0.00

    Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via the News function.

  • CVE-2024-28740Aug 6, 2024
    risk 0.00cvss epss 0.01

    Cross Site Scripting vulnerability in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via the additonal-contents.pl component.

  • CVE-2024-24337Feb 12, 2024
    risk 0.00cvss epss 0.01

    CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aqbudgets.pl' endpoints in Koha Library Management System version 23.05.05 and earlier allows attackers to to inject DDE commands into csv exports via the 'Budget' and 'Patrons Member' components.

  • CVE-2023-44961Oct 11, 2023
    risk 0.00cvss epss 0.01

    SQL Injection vulnerability in Koha Library Software 23.0.5.04 and before allows a remote attacker to obtain sensitive information via the intranet/cgi bin/cataloging/ysearch.pl. component.

  • CVE-2023-5025Sep 17, 2023
    risk 0.00cvss epss 0.01

    A vulnerability was found in KOHA up to 23.05.03. It has been declared as problematic. This vulnerability affects unknown code of the file /cgi-bin/koha/catalogue/search.pl of the component MARC. The manipulation leads to cross site scripting. The attack can be initiated…

  • CVE-2014-1925Jan 24, 2020
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in the MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote authenticated users to execute arbitrary SQL commands via…

  • CVE-2014-1924Jan 24, 2020
    risk 0.00cvss epss 0.02

    The MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 does not require authentication, which allows remote attackers to conduct SQL injection attacks via…

  • CVE-2014-1922Jan 24, 2020
    risk 0.00cvss epss 0.02

    Absolute path traversal vulnerability in tools/pdfViewer.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote attackers to read arbitrary files via unspecified vectors.

  • CVE-2014-1923Jan 24, 2020
    risk 0.00cvss epss 0.03

    Multiple directory traversal vulnerabilities in the (1) staff interface help editor (edithelp.pl) or (2) member-picupload.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allow remote attackers to write to arbitrary files via…

  • CVE-2014-9446Jan 2, 2015
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in the Staff client in Koha before 3.16.6 and 3.18.x before 3.18.2 allow remote attackers to inject arbitrary web script or HTML via the sort_by parameter to the (1) opac parameter in opac-search.pl or (2) intranet parameter in…

  • CVE-2011-4715Dec 8, 2011
    risk 0.00cvss epss 0.09

    Directory traversal vulnerability in cgi-bin/koha/mainpage.pl in Koha 3.4 before 3.4.7 and 3.6 before 3.6.1, and LibLime Koha 4.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the KohaOpacLanguage cookie to cgi-bin/opac/opac-main.pl, related…

Page 2 of 2