Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    2 vulnerabilities by l2c2technologies

    CVE-2018-25101 (GCVE-0-2018-25101)

    Vulnerability from cvelistv5 – Published: 2024-04-22 01:31 – Updated: 2024-08-05 12:33
    VLAI
    Title
    l2c2technologies Koha opac-MARCdetail.pl cross site scripting
    Summary
    A vulnerability, which was classified as problematic, has been found in l2c2technologies Koha up to 20180108. This issue affects some unknown processing of the file /cgi-bin/koha/opac-MARCdetail.pl. The manipulation of the argument biblionumber with the input 2"><TEST> leads to cross site scripting. The attack may be initiated remotely. The identifier of the patch is 950fc8e101886821879066b33e389a47fb0a9782. It is recommended to upgrade the affected component. The identifier VDB-261677 was assigned to this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross Site Scripting
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.261677 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.261677 signaturepermissions-required
    https://github.com/l2c2technologies/Koha/commit/9… patch
    Impacted products
    Vendor Product Version
    l2c2technologies Koha Affected: 20180108
    Create a notification for this product.
    l2c2technologies Koha Affected: -
        cpe:2.3:a:l2c2technologies:Koha:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    VulDB GitHub Commit Analyzer
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:l2c2technologies:Koha:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "Koha",
                "vendor": "l2c2technologies",
                "versions": [
                  {
                    "status": "affected",
                    "version": "-"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-25101",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-22T15:53:44.312953Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:11:55.531Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T12:33:48.492Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-261677 | l2c2technologies Koha opac-MARCdetail.pl cross site scripting",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.261677"
              },
              {
                "name": "VDB-261677 | CTI Indicators (IOB, IOC, TTP, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.261677"
              },
              {
                "tags": [
                  "patch",
                  "x_transferred"
                ],
                "url": "https://github.com/l2c2technologies/Koha/commit/950fc8e101886821879066b33e389a47fb0a9782"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Koha",
              "vendor": "l2c2technologies",
              "versions": [
                {
                  "status": "affected",
                  "version": "20180108"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "tool",
              "value": "VulDB GitHub Commit Analyzer"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability, which was classified as problematic, has been found in l2c2technologies Koha up to 20180108. This issue affects some unknown processing of the file /cgi-bin/koha/opac-MARCdetail.pl. The manipulation of the argument biblionumber with the input 2\"\u003e\u003cTEST\u003e leads to cross site scripting. The attack may be initiated remotely. The identifier of the patch is 950fc8e101886821879066b33e389a47fb0a9782. It is recommended to upgrade the affected component. The identifier VDB-261677 was assigned to this vulnerability."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in l2c2technologies Koha bis 20180108 entdeckt. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Datei /cgi-bin/koha/opac-MARCdetail.pl. Durch das Beeinflussen des Arguments biblionumber mit der Eingabe 2\"\u003e\u003cTEST\u003e mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Patch wird als 950fc8e101886821879066b33e389a47fb0a9782 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross Site Scripting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-22T01:31:03.752Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-261677 | l2c2technologies Koha opac-MARCdetail.pl cross site scripting",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.261677"
            },
            {
              "name": "VDB-261677 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.261677"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/l2c2technologies/Koha/commit/950fc8e101886821879066b33e389a47fb0a9782"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2018-01-09T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2018-01-09T00:00:00.000Z",
              "value": "Countermeasure disclosed"
            },
            {
              "lang": "en",
              "time": "2024-04-20T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-04-20T17:20:01.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "l2c2technologies Koha opac-MARCdetail.pl cross site scripting"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2018-25101",
        "datePublished": "2024-04-22T01:31:03.752Z",
        "dateReserved": "2024-04-20T15:14:50.860Z",
        "dateUpdated": "2024-08-05T12:33:48.492Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-25101 (GCVE-0-2018-25101)

    Vulnerability from nvd – Published: 2024-04-22 01:31 – Updated: 2024-08-05 12:33
    VLAI
    Title
    l2c2technologies Koha opac-MARCdetail.pl cross site scripting
    Summary
    A vulnerability, which was classified as problematic, has been found in l2c2technologies Koha up to 20180108. This issue affects some unknown processing of the file /cgi-bin/koha/opac-MARCdetail.pl. The manipulation of the argument biblionumber with the input 2"><TEST> leads to cross site scripting. The attack may be initiated remotely. The identifier of the patch is 950fc8e101886821879066b33e389a47fb0a9782. It is recommended to upgrade the affected component. The identifier VDB-261677 was assigned to this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross Site Scripting
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.261677 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.261677 signaturepermissions-required
    https://github.com/l2c2technologies/Koha/commit/9… patch
    Impacted products
    Vendor Product Version
    l2c2technologies Koha Affected: 20180108
    Create a notification for this product.
    l2c2technologies Koha Affected: -
        cpe:2.3:a:l2c2technologies:Koha:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    VulDB GitHub Commit Analyzer
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:l2c2technologies:Koha:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "Koha",
                "vendor": "l2c2technologies",
                "versions": [
                  {
                    "status": "affected",
                    "version": "-"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-25101",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-22T15:53:44.312953Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:11:55.531Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T12:33:48.492Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-261677 | l2c2technologies Koha opac-MARCdetail.pl cross site scripting",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.261677"
              },
              {
                "name": "VDB-261677 | CTI Indicators (IOB, IOC, TTP, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.261677"
              },
              {
                "tags": [
                  "patch",
                  "x_transferred"
                ],
                "url": "https://github.com/l2c2technologies/Koha/commit/950fc8e101886821879066b33e389a47fb0a9782"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Koha",
              "vendor": "l2c2technologies",
              "versions": [
                {
                  "status": "affected",
                  "version": "20180108"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "tool",
              "value": "VulDB GitHub Commit Analyzer"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability, which was classified as problematic, has been found in l2c2technologies Koha up to 20180108. This issue affects some unknown processing of the file /cgi-bin/koha/opac-MARCdetail.pl. The manipulation of the argument biblionumber with the input 2\"\u003e\u003cTEST\u003e leads to cross site scripting. The attack may be initiated remotely. The identifier of the patch is 950fc8e101886821879066b33e389a47fb0a9782. It is recommended to upgrade the affected component. The identifier VDB-261677 was assigned to this vulnerability."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in l2c2technologies Koha bis 20180108 entdeckt. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Datei /cgi-bin/koha/opac-MARCdetail.pl. Durch das Beeinflussen des Arguments biblionumber mit der Eingabe 2\"\u003e\u003cTEST\u003e mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Patch wird als 950fc8e101886821879066b33e389a47fb0a9782 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross Site Scripting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-22T01:31:03.752Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-261677 | l2c2technologies Koha opac-MARCdetail.pl cross site scripting",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.261677"
            },
            {
              "name": "VDB-261677 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.261677"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/l2c2technologies/Koha/commit/950fc8e101886821879066b33e389a47fb0a9782"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2018-01-09T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2018-01-09T00:00:00.000Z",
              "value": "Countermeasure disclosed"
            },
            {
              "lang": "en",
              "time": "2024-04-20T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-04-20T17:20:01.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "l2c2technologies Koha opac-MARCdetail.pl cross site scripting"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2018-25101",
        "datePublished": "2024-04-22T01:31:03.752Z",
        "dateReserved": "2024-04-20T15:14:50.860Z",
        "dateUpdated": "2024-08-05T12:33:48.492Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }