CVE-2024-28740
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-28740
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-28740.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-28740
- Published
- 2024-08-06T19:15:56.380Z
- Modified
- 2025-11-20T12:26:29.010701Z
- Severity
-
- 9.6 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Cross Site Scripting vulnerability in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via the additonal-contents.pl component.
- References
Affected packages
Git / github.com/koha-community/koha
Affected ranges
- Type
- GIT
- Repo
- https://github.com/koha-community/koha
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
Other
R_1-2-2RC4
R_1-3-0
R_1-3-1
R_1-3-2
R_1-3-3
R_1-9-0
R_1-9-1
R_1-9-2
R_1-9-3
R_2-0-0RC1
R_2-0-0pre1
R_2-0-0pre2
R_2-0-0pre3
R_2-0-0pre4
R_2-0-0pre5
R_2-1
R_2-4
html_template_pro
v16.*
v16.05.00
v16.05.00-beta
v16.11.00
v17.*
v17.05.00
v17.11.00
v18.*
v18.05.00
v18.05.00-rc1
v18.11.00
v19.*
v19.05.00
v19.11.00
v20.*
v20.05.00
v20.11.00
v21.*
v21.05.00
v21.11.00
v22.*
v22.05.00
v22.11.00
v23.*
v23.05.00
v3.*
v3.00.00
v3.00.00-alpha
v3.00.00-beta
v3.00.00-beta2
v3.00.00-stableRC1
v3.02.00
v3.02.00-alpha
v3.02.00-alpha2
v3.02.00-beta
v3.02.00-rc
v3.04.00
v3.06.00
v3.08.00
v3.12.00-alpha
v3.12.00-alpha2
v3.12.00-beta1
v3.14.00
v3.14.00-alpha1
v3.14.00-alpha2
v3.14.00-beta
v3.16.00
v3.16.00-beta
v3.16.00-rc
v3.18.00
v3.18.00-beta
v3.20.00
v3.20.00-beta
v3.22.00
v3.22.00-beta