8.8

CVE-2015-4639

Cross-site scripting (XSS) vulnerability in opac-addbybiblionumber.pl in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, and 3.20.x before 3.20.1 allows remote attackers to inject arbitrary web script or HTML via a crafted list name.
Data is provided by the National Vulnerability Database (NVD)
Koha Koha Version 3.14.00
Koha Koha Version 3.14.00 Update alpha1
Koha Koha Version 3.14.00 Update alpha2
Koha Koha Version 3.14.00 Update beta
Koha Koha Version 3.14.01
Koha Koha Version 3.14.02
Koha Koha Version 3.14.03
Koha Koha Version 3.14.04
Koha Koha Version 3.14.05
Koha Koha Version 3.14.06
Koha Koha Version 3.14.07
Koha Koha Version 3.14.08
Koha Koha Version 3.14.09
Koha Koha Version 3.14.10
Koha Koha Version 3.14.11
Koha Koha Version 3.14.12
Koha Koha Version 3.14.13
Koha Koha Version 3.14.14
Koha Koha Version 3.14.15
Koha Koha Version 3.16.00
Koha Koha Version 3.16.00 Update beta
Koha Koha Version 3.16.00 Update pkg
Koha Koha Version 3.16.00 Update rc
Koha Koha Version 3.16.01
Koha Koha Version 3.16.02
Koha Koha Version 3.16.03
Koha Koha Version 3.16.04
Koha Koha Version 3.16.05
Koha Koha Version 3.16.06
Koha Koha Version 3.16.07
Koha Koha Version 3.16.08
Koha Koha Version 3.16.09
Koha Koha Version 3.16.10
Koha Koha Version 3.16.11
Koha Koha Version 3.20.00
Koha Koha Version 3.20.00 Update beta
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics

| Type | Source | Score | Percentile |
|------|--------|-------|------------|
| EPSS | FIRST.org | 0.18% | 0.366 |
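CVSS Metrics

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|--------|------------|---------------|--------------|---------------|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd@nist.gov | 6.8 | 8.6 | 6.4 | AV:N/AC:M/Au:N/C:P/I:P/A:P |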
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.