CVE-2026-50766
UNKNOWN
NVD
CVSS Score
0
Severity
UNKNOWN
Published
Jun 26, 2026
Vendor
unknown
Description
A stored cross-site scripting (XSS) vulnerability in the OPAC item detail page of Koha Library Management System through 25.11 allows an authenticated remote attacker with edit_items permission to inject arbitrary web scripts via the item public notes field (items.itemnotes).