CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
48.9%
Cross-site scripting (XSS) vulnerability in opac-addbybiblionumber.pl in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, and 3.20.x before 3.20.1 allows remote attackers to inject arbitrary web script or HTML via a crafted list name.
Vendor | Product | Version | CPE |
---|---|---|---|
koha | koha | 3.14.00 | cpe:2.3:a:koha:koha:3.14.00:*:*:*:*:*:*:* |
koha | koha | 3.14.00 | cpe:2.3:a:koha:koha:3.14.00:alpha1:*:*:*:*:*:* |
koha | koha | 3.14.00 | cpe:2.3:a:koha:koha:3.14.00:alpha2:*:*:*:*:*:* |
koha | koha | 3.14.00 | cpe:2.3:a:koha:koha:3.14.00:beta:*:*:*:*:*:* |
koha | koha | 3.14.01 | cpe:2.3:a:koha:koha:3.14.01:*:*:*:*:*:*:* |
koha | koha | 3.14.02 | cpe:2.3:a:koha:koha:3.14.02:*:*:*:*:*:*:* |
koha | koha | 3.14.03 | cpe:2.3:a:koha:koha:3.14.03:*:*:*:*:*:*:* |
koha | koha | 3.14.04 | cpe:2.3:a:koha:koha:3.14.04:*:*:*:*:*:*:* |
koha | koha | 3.14.05 | cpe:2.3:a:koha:koha:3.14.05:*:*:*:*:*:*:* |
koha | koha | 3.14.06 | cpe:2.3:a:koha:koha:3.14.06:*:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
48.9%