Vulnerabilities > Koha > Koha > 21.11.24
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-12 | CVE-2024-24337 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Koha CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aqbudgets.pl' endpoints in Koha Library Management System version 23.05.05 and earlier allows attackers to to inject DDE commands into csv exports via the 'Budget' and 'Patrons Member' components. | 8.0 |
| 2023-09-17 | CVE-2023-5025 | Unspecified vulnerability in Koha A vulnerability was found in KOHA up to 23.05.03. | 5.4 |