Koha Library Management System
cpe:2.3:a:koha:koha:*:*:*:*:*:*:*
- 24.05
A Cross-Site Scripting (XSS) vulnerability has been identified in the OPAC search feature of Koha Library Management System version 24.05. This vulnerability arises because unsanitized input in the search field is reflected in the search history interface. As a result, arbitrary JavaScript can be executed in the user's browser when interacting with this interface.
Exploitation of this vulnerability allows for remote code execution in the context of the user's browser.
To reproduce this vulnerability, perform a search using the OPAC search field with an XSS payload, such as an image tag (with an invalid image source) using an 'onerror' attribute. After the search, navigate to the Search History section, where the payload will be executed when the Print button is clicked.
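The mitigation for this class of issue is to encode stored search terms at the point where the history (and its print view) is built. The following is an added example, not Koha source code: the function names, the row layout and the sample entries are assumptions constructed for illustration, and it assumes the history is rendered by concatenating stored queries into HTML.

```javascript
// Added example: hypothetical helpers, not Koha source code.
// Constructed sample data standing in for stored search-history entries.
const sampleHistory = [
  { query: 'perl programming', time: '2024-06-01 10:15' },
  // Constructed test input: markup of the kind described in the advisory.
  { query: '<img src="x" onerror="console.log(1)">', time: '2024-06-01 10:16' },
];

// Encode the five characters that are significant in HTML text and
// quoted attribute values.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Before: the stored query is concatenated into markup as-is, so any tags
// it contains become live elements when the page or print view renders.
function renderHistoryUnsafe(entries) {
  return entries.map((e) => `<tr><td>${e.time}</td><td>${e.query}</td></tr>`).join('\n');
}

// After: every untrusted field is encoded at the point of output.
function renderHistorySafe(entries) {
  return entries
    .map((e) => `<tr><td>${escapeHtml(e.time)}</td><td>${escapeHtml(e.query)}</td></tr>`)
    .join('\n');
}

// Regression check: true if any cell content would be parsed as an element.
function hasInjectedElement(html) {
  const withoutRowMarkup = html.replace(/<\/?(tr|td)>/g, '');
  return /<[a-zA-Z!\/]/.test(withoutRowMarkup);
}

console.log('unsafe render injects element:', hasInjectedElement(renderHistoryUnsafe(sampleHistory)));
console.log('safe render injects element:', hasInjectedElement(renderHistorySafe(sampleHistory)));
```

The same check can be run as a regression test against any code path that re-renders the history, including a print handler that builds a new document from the stored entries.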