CVE-2023-5025

A vulnerability was found in KOHA up to 23.05.03. It has been declared as problematic. This vulnerability affects unknown code of the file /cgi-bin/koha/catalogue/search.pl of the component MARC. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-239866 is the identifier assigned to this vulnerability.

Published: Sep 17, 2023
Updated: Sep 21, 2023
CVE: CVE-2023-5025
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
koha / koha	-	23.05.03.x

https://vuldb.com/?ctiid.239866
https://vuldb.com/?id.239866
https://www.youtube.com/watch?v=b5107YkpgaM

Vulnerability Database

290,301

CVE-2023-5025