exploitDog

GHSA-6prr-pwcp-42fh

Опубликовано: 17 мая 2022

Источник: github

Github: Не прошло ревью

Описание

Multiple cross-site scripting (XSS) vulnerabilities in the Staff client in Koha before 3.16.6 and 3.18.x before 3.18.2 allow remote attackers to inject arbitrary web script or HTML via the sort_by parameter to the (1) opac parameter in opac-search.pl or (2) intranet parameter in catalogue/search.pl.

Multiple cross-site scripting (XSS) vulnerabilities in the Staff client in Koha before 3.16.6 and 3.18.x before 3.18.2 allow remote attackers to inject arbitrary web script or HTML via the sort_by parameter to the (1) opac parameter in opac-search.pl or (2) intranet parameter in catalogue/search.pl.

Ссылки

EPSS

Процентиль: 57%

0.00357

Низкий

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2014-9446

nvd

около 11 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in the Staff client in Koha before 3.16.6 and 3.18.x before 3.18.2 allow remote attackers to inject arbitrary web script or HTML via the sort_by parameter to the (1) opac parameter in opac-search.pl or (2) intranet parameter in catalogue/search.pl.

CVE-2014-9446

debian

около 11 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in the Staff clien ...

EPSS

Процентиль: 57%

0.00357

Низкий

CVE ID

Дефекты

CWE-79