Описание
A Cross-Site Scripting (XSS) vulnerability exists in the OPAC search feature of Koha Library Management System v24.05. Unsanitized input entered in the search field is reflected in the search history interface, leading to the execution of arbitrary JavaScript in the browser context when the user interacts with the interface.
EPSS
Процентиль: 14%
0.00045
Низкий
8.8 High
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 8.8
github
7 месяцев назад
A Cross-Site Scripting (XSS) vulnerability exists in the OPAC search feature of Koha Library Management System v24.05. Unsanitized input entered in the search field is reflected in the search history interface, leading to the execution of arbitrary JavaScript in the browser context when the user interacts with the interface.
EPSS
Процентиль: 14%
0.00045
Низкий
8.8 High
CVSS3
Дефекты
CWE-79