No advisories yet.
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
| Link | Providers |
|---|---|
| http://koha.com |
|
| https://lgnas.gitbook.io/findings/cve-2026-50765 |
|
Mon, 29 Jun 2026 20:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Koha
Koha library Management System |
|
| Vendors & Products |
Koha
Koha library Management System |
Mon, 29 Jun 2026 19:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Stored XSS in Koha Patron Restriction Type Administration Page |
Mon, 29 Jun 2026 17:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Cross-Site Scripting (XSS) vulnerability in the patron restriction type administration page of Koha Library Management System through 25.11 allows an authenticated remote attacker with administrator privileges to inject arbitrary web scripts via the restriction type label (display_text field) | A stored cross-site scripting (XSS) vulnerability in the patron restriction type administration page of Koha Library Management System 0 through 25.11 versions allow an authenticated remote attacker with administrator privileges to inject arbitrary web scripts via the restriction type label (display_text field). |
Mon, 29 Jun 2026 16:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Authenticated Cross‑Site Scripting in Koha Patron Restriction Type Administration Page |
Mon, 29 Jun 2026 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
cvssV3_1
|
Fri, 26 Jun 2026 23:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Authenticated Cross‑Site Scripting in Koha Patron Restriction Type Administration Page | |
| Weaknesses | CWE-79 |
Fri, 26 Jun 2026 22:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Cross-Site Scripting (XSS) vulnerability in the patron restriction type administration page of Koha Library Management System through 25.11 allows an authenticated remote attacker with administrator privileges to inject arbitrary web scripts via the restriction type label (display_text field) | |
| References |
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2026-06-29T17:01:57.463Z
Reserved: 2026-06-07T00:00:00.000Z
Link: CVE-2026-50765
Updated: 2026-06-29T12:56:40.663Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-06-29T20:08:24Z