All intelligence
// vulnerability record
cached · NVD via COSMOS syncCVE-2026-50766
NONEpublished 2026-06-26 22:16 UTC · 2 days ago
CVSS / 10
// description
A stored cross-site scripting (XSS) vulnerability in the OPAC item detail page of Koha Library Management System through 25.11 allows an authenticated remote attacker with edit_items permission to inject arbitrary web scripts via the item public notes field (items.itemnotes).