Vulnerabilities > Koha > Koha > 17.11.04
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-06 | CVE-2024-28739 | Command Injection vulnerability in Koha An issue in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via a crafted script to the format parameter. | 7.2 |
| 2024-08-06 | CVE-2024-28740 | Cross-site Scripting vulnerability in Koha Cross Site Scripting vulnerability in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via the additonal-contents.pl component. | 9.6 |
| 2024-02-12 | CVE-2024-24337 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Koha CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aqbudgets.pl' endpoints in Koha Library Management System version 23.05.05 and earlier allows attackers to to inject DDE commands into csv exports via the 'Budget' and 'Patrons Member' components. | 8.0 |
| 2023-09-17 | CVE-2023-5025 | Unspecified vulnerability in Koha A vulnerability was found in KOHA up to 23.05.03. | 5.4 |