Multiple cross-site scripting (XSS) vulnerabilities in the Staff client in Koha prior to 3.16.6 and 3.18.x prior to 3.18.2 allow remote malicious users to inject arbitrary web script or HTML via the sort_by parameter to the (1) opac parameter in opac-search.pl or (2) intranet parameter in catalogue/search.pl.
Vulnerable Product |
---|
koha koha 3.18.1 |
koha koha 3.18.0 |
koha koha |