CVE-2026-50767

Vulnerability Description

A stored cross-site scripting (XSS) vulnerability in the item type administration page of Koha Library Management System through 25.11 allows an authenticated remote attacker with administrator privileges to inject arbitrary web scripts via the item type check-in message field (checkinmsg)

References

http://koha.com
https://lgnas.gitbook.io/findings/cve-2026-50767

FAQ

What is CVE-2026-50767?

CVE-2026-50767 is a documented vulnerability. A stored cross-site scripting (XSS) vulnerability in the item type administration page of Koha Library Management System through 25.11 allows an authenticated remote attacker with administrator privil...

How severe is CVE-2026-50767?

CVSS scoring is not yet available for CVE-2026-50767. Check NVD for updates.

Is there a patch for CVE-2026-50767?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.