CVE-2024-24336

HIGH

8.1

Descricao

A multiple Cross-site scripting (XSS) vulnerability in the '/members/moremember.pl', and ‘/members/members-home.pl’ endpoints within Koha Library Management System version 23.05.05 and earlier allows malicious staff users to carry out CSRF attacks, including unauthorized changes to usernames and passwords of users visiting the affected page, via the 'Circulation note' and ‘Patrons Restriction’ components.

Detalhes CVE

Pontuacao CVSS v3.18.1

SeveridadeHIGH

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosNONE

Interacao do usuarioREQUIRED

Publicado3/19/2024

Ultima modificacao9/29/2025

Fontenvd

Avistamentos honeypot0

Fraquezas (CWE)

CWE-352

Referencias

https://nitipoom-jar.github.io/CVE-2024-24336/(cve@mitre.org)

https://nitipoom-jaroonchaipipat.github.io/security-research-portal/2024-24336(cve@mitre.org)

https://nitipoom-jar.github.io/CVE-2024-24336/(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.