Vulnerability Description
A multiple Cross-site scripting (XSS) vulnerability in the '/members/moremember.pl', and ‘/members/members-home.pl’ endpoints within Koha Library Management System version 23.05.05 and earlier allows malicious staff users to carry out CSRF attacks, including unauthorized changes to usernames and passwords of users visiting the affected page, via the 'Circulation note' and ‘Patrons Restriction’ components.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://nitipoom-jar.github.io/CVE-2024-24336/
- https://nitipoom-jaroonchaipipat.github.io/security-research-portal/2024-24336
- https://nitipoom-jar.github.io/CVE-2024-24336/
FAQ
What is CVE-2024-24336?
CVE-2024-24336 is a vulnerability with a CVSS score of 8.1 (HIGH). A multiple Cross-site scripting (XSS) vulnerability in the '/members/moremember.pl', and ‘/members/members-home.pl’ endpoints within Koha Library Management System version 23.05.05 and earlier allows ...
How severe is CVE-2024-24336?
CVE-2024-24336 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-24336?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.