CVE-2015-4639
Severity: Unknown | EPSS: 0.62%
CVE-2015-4639 is a vulnerability of currently unknown severity. Cross-site scripting (XSS) vulnerability in opac-addbybiblionumber.pl in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, and 3.20.x before 3.20.1 allows remote attackers to inject arbitrary web script or HTML via a crafted list name. EPSS estimates a 0.62% chance of exploitation in the next 30 days.
Description
Cross-site scripting (XSS) vulnerability in opac-addbybiblionumber.pl in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, and 3.20.x before 3.20.1 allows remote attackers to inject arbitrary web script or HTML via a crafted list name.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Koha | Koha | 3.14.00 |
| Koha | Koha | 3.14.01 |
| Koha | Koha | 3.14.02 |
| Koha | Koha | 3.14.03 |
| Koha | Koha | 3.14.04 |
| Koha | Koha | 3.14.05 |
| Koha | Koha | 3.14.06 |
| Koha | Koha | 3.14.07 |
| Koha | Koha | 3.14.08 |
| Koha | Koha | 3.14.09 |
| Koha | Koha | 3.14.10 |
| Koha | Koha | 3.14.11 |
| Koha | Koha | 3.14.12 |
| Koha | Koha | 3.14.13 |
| Koha | Koha | 3.14.14 |
| Koha | Koha | 3.14.15 |
| Koha | Koha | 3.16.00 |
| Koha | Koha | 3.16.01 |
| Koha | Koha | 3.16.02 |
| Koha | Koha | 3.16.03 |
| Koha | Koha | 3.16.04 |
| Koha | Koha | 3.16.05 |
| Koha | Koha | 3.16.06 |
| Koha | Koha | 3.16.07 |
| Koha | Koha | 3.16.08 |
| Koha | Koha | 3.16.09 |
| Koha | Koha | 3.16.10 |
| Koha | Koha | 3.16.11 |
| Koha | Koha | 3.20.00 |
References
- http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416#c4 (Issue Tracking, Third Party Advisory)
Frequently Asked Questions
What is CVE-2015-4639?
Cross-site scripting (XSS) vulnerability in opac-addbybiblionumber.pl in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, and 3.20.x before 3.20.1 allows remote attackers to inject arbitrary web script or HTML via a crafted list name.
How severe is CVE-2015-4639?
Severity scoring for CVE-2015-4639 is pending analysis. The EPSS model estimates a 0.62% probability of exploitation in the next 30 days.
How do I fix CVE-2015-4639?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Source: NVD / NIST
