Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
KOHA Library System versions 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contain a cross-site scripting (XSS) vulnerability in multiple fields on multiple pages, including /cgi-bin/koha/acqui/supplier.pl?op=enter, /cgi-bin/koha/circ/circulation.pl?borrowernumber=[number], and /cgi-bin/koha/serials/subscription-add.pl, that can result in privilege escalation by taking control of higher-privileged users' browser sessions. The attack appears to be exploitable when victims are socially engineered to visit a vulnerable webpage containing a malicious payload. This vulnerability appears to have been fixed in 17.11.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
KOHA Library System Cross-Site Scripting Vulnerability
Vulnerability Description
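KOHA Library System is an open-source library automation system (ILS) developed by the Koha community. The system provides functions such as classification, search, and member and patron management. Multiple pages in KOHA Library System 16.11.x versions before 16.11.13 and 17.05.x versions before 17.05.05 contain a cross-site scripting vulnerability. A remote attacker can exploit this vulnerability to take control of the browser sessions of higher-privileged users. (The pages include: /cgi-bin/koha/acqui/supplier.pl?op=enter, /cgi-bin/koha/circ/circulation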
CVSS Information
N/A
Vulnerability Type
N/A