Loading market data...
← Back to CVE feed

CVE-2026-50766

UNKNOWN View on NVD ↗

Description

A stored cross-site scripting (XSS) vulnerability in the OPAC item detail page of Koha Library Management System through 25.11 allows an authenticated remote attacker with edit_items permission to inject arbitrary web scripts via the item public notes field (items.itemnotes).

Published: Jun 26, 2026 22:16 UTC Modified: Jun 26, 2026 22:16 UTC