5.4
/ 10
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Description
A stored cross-site scripting (XSS) vulnerability in the item type administration page of Koha Library Management System through 25.11 allows an authenticated remote attacker with administrator privileges to inject arbitrary web scripts via the item type check-in message field (checkinmsg)
Basic Information
ID
CVE-2026-50767
Source
mitre
Published
Jun 26, 2026 at 00:00
Modified
Jun 29, 2026 at 12:53
Affected Product
Vendor
n/a
Product
n/a
Version
n/a
Affected Versions
n/a n/a n/a