CVE-2015-4631

18.10.2018, 21:29

Multiple cross-site scripting (XSS) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to inject arbitrary web script or HTML via the (1) tag parameter to opac-search.pl; the (2) value parameter to authorities/authorities-home.pl; the (3) delay parameter to acqui/lateorders.pl; the (4) authtypecode or (5) tagfield to admin/auth_subfields_structure.pl; the (6) tagfield parameter to admin/marc_subfields_structure.pl; the (7) limit parameter to catalogue/search.pl; the (8) bookseller_filter, (9) callnumber_filter, (10) EAN_filter, (11) ISSN_filter, (12) publisher_filter, or (13) title_filter parameter to serials/serials-search.pl; or the (14) author, (15) collectiontitle, (16) copyrightdate, (17) isbn, (18) manageddate_from, (19) manageddate_to, (20) publishercode, (21) suggesteddate_from, or (22) suggesteddate_to parameter to suggestion/suggestion.pl; or the (23) direction, (24) display or (25) addshelf parameter to opac-shelves.pl.

Cross-site Scripting

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.4 MEDIUM	NETWORK	LOW	LOW	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 66%

Vendor	Product	Version
koha	koha	3.14.00 ≤ 𝑥 < 3.14.16
koha	koha	3.16.00 ≤ 𝑥 < 3.16.12
koha	koha	3.18.0 ≤ 𝑥 < 3.18.8
koha	koha	3.20.00 ≤ 𝑥 < 3.20.1

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423

https://koha-community.org/koha-3-14-16-released/

https://koha-community.org/security-release-koha-3-16-12/

https://koha-community.org/security-release-koha-3-18-8/

https://koha-community.org/security-release-koha-3-20-1/

https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html

https://seclists.org/fulldisclosure/2015/Jun/80

https://www.exploit-db.com/exploits/37389/

https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423

https://koha-community.org/koha-3-14-16-released/

https://koha-community.org/security-release-koha-3-16-12/

https://koha-community.org/security-release-koha-3-18-8/

https://koha-community.org/security-release-koha-3-20-1/

https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html

https://seclists.org/fulldisclosure/2015/Jun/80

https://www.exploit-db.com/exploits/37389/

https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/