L2C2Technologies

**Name of the Vulnerable Software and Affected Versions** l2c2technologies Koha versions up to 20180108 **Description** A problematic issue has been found in the processing of the file /cgi-bin/koha/opac-MARCdetail.pl. The manipulation of the `biblionumber` argument with a malicious input, such as `2"><TEST>`, leads to cross-site scripting. This issue can be exploited remotely. **Recommendations** For versions up to 20180108, it is recommended to upgrade the affected component to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the `/cgi-bin/koha/opac-MARCdetail.pl` endpoint or avoiding the use of the `biblionumber` argument until the issue is resolved.