CVE-2026-50766

Vulnerability Description

A stored cross-site scripting (XSS) vulnerability in the OPAC item detail page of Koha Library Management System through 25.11 allows an authenticated remote attacker with edit_items permission to inject arbitrary web scripts via the item public notes field (items.itemnotes).

Vulnerability Details

Published Date

June 26, 2026

Last Modified

June 26, 2026

Source

NVD

External References

http://koha.com
https://lgnas.gitbook.io/findings/cve-2026-50766

CVE-2026-50766

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment