CVEFinder.io

CVE-2026-50766

🔶 medium
🔍 Scan for this CVE
Summary

A stored cross-site scripting (XSS) vulnerability in the OPAC item detail page of Koha Library Management System through 25.11 allows an authenticated remote attacker with edit_items permission to inject arbitrary web scripts via the item public notes field (items.itemnotes).

CVSS Score
-
EPSS Score
0.2
Exploit Probability
Published Date
2026-06-26
First Seen: 2026-06-27
Last Modified 2026-06-26
Source NVD 🔗

📦 Affected Products 0

No affected products information available

🔗 References 2

http://koha.com
https://lgnas.gitbook.io/findings/cve-2026-50766