PT-2024-10620 · L2C2Technologies · Koha

L2C2Technologies · Published 2024-04-22 · Updated 2024-06-04 · CVE-2018-25101

CVSS v2.0: 4.0 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions

l2c2technologies Koha versions up to 20180108

Description

An issue has been found in the processing of the file /cgi-bin/koha/opac-MARCdetail.pl. Manipulating the biblionumber argument with malicious input, such as 2"><TEST>, leads to cross-site scripting. The issue can be exploited remotely.

Recommendations

For versions up to 20180108, upgrade the affected component to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the /cgi-bin/koha/opac-MARCdetail.pl endpoint or avoiding the use of the biblionumber argument until the issue is resolved.
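While the upgrade is pending, access logs can be reviewed for requests matching the description above. The following is an added example, not code from this advisory or from the Koha project: it flags requests to the affected endpoint whose biblionumber is not a plain decimal number. The combined access-log format, the assumption that legitimate biblionumber values are numeric record IDs, and the sample log lines are assumptions of this example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

ENDPOINT = "/cgi-bin/koha/opac-MARCdetail.pl"  # path named in the advisory

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Assumption: a legitimate biblionumber is a decimal record ID.
VALID_ID_RE = re.compile(r"[0-9]+")


def suspicious_biblionumbers(log_lines):
    """Return (line_no, decoded_value) for each request to ENDPOINT whose
    biblionumber parameter is anything other than decimal digits."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parsable request line
        url = urlsplit(match.group(1))
        if url.path != ENDPOINT:
            continue  # other scripts are out of scope for this advisory
        # parse_qsl percent-decodes values, so encoded markup is caught too.
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key == "biblionumber" and not VALID_ID_RE.fullmatch(value):
                hits.append((line_no, value))
    return hits


# Constructed sample log lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [08/Jan/2018:10:00:01 +0000] '
    '"GET /cgi-bin/koha/opac-MARCdetail.pl?biblionumber=42 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [08/Jan/2018:10:00:05 +0000] '
    '"GET /cgi-bin/koha/opac-MARCdetail.pl?biblionumber=2%22%3E%3CTEST%3E HTTP/1.1" 200 5164',
    '192.0.2.12 - - [08/Jan/2018:10:00:09 +0000] '
    '"GET /cgi-bin/koha/opac-main.pl?biblionumber=7 HTTP/1.1" 200 4980',
]

if __name__ == "__main__":
    for line_no, value in suspicious_biblionumbers(SAMPLE_LOG):
        print(f"line {line_no}: non-numeric biblionumber {value!r}")
```

The same digits-only rule can be enforced at a reverse proxy in front of the endpoint as a stopgap, but it does not replace the upgrade.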

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2018-25101

Affected Products

Koha