Vulnerabilities > Koha > Koha > 17.05.04
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-17 | CVE-2023-5025 | Cross-site Scripting vulnerability in Koha. A vulnerability was found in KOHA up to 23.05.03. | 5.4 |
2018-09-06 | CVE-2018-1000670 | Cross-site Scripting vulnerability in Koha. KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contains a Cross Site Scripting (XSS) vulnerability in multiple fields on multiple pages, including /cgi-bin/koha/acqui/supplier.pl?op=enter, /cgi-bin/koha/circ/circulation.pl?borrowernumber=[number], and /cgi-bin/koha/serials/subscription-add.pl, that can result in privilege escalation by taking control of higher-privileged users' browser sessions. | 4.3 |
2018-09-06 | CVE-2018-1000669 | Cross-Site Request Forgery (CSRF) vulnerability in Koha. KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contains a Cross Site Request Forgery (CSRF) vulnerability in /cgi-bin/koha/members/paycollect.pl (parameters affected: borrowernumber, amount, amountoutstanding, paid) that can allow attackers to mark payments as paid for certain users on behalf of administrators. | 6.8 |