No advisories yet.
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
| Link | Providers |
|---|---|
| http://koha.com |
|
| https://lgnas.gitbook.io/findings/cve-2026-50767 |
|
Mon, 29 Jun 2026 20:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Koha
Koha library Management System |
|
| Vendors & Products |
Koha
Koha library Management System |
Mon, 29 Jun 2026 19:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Stored XSS in Koha Item Type Administration Page |
Mon, 29 Jun 2026 17:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A stored cross-site scripting (XSS) vulnerability in the item type administration page of Koha Library Management System through 25.11 allows an authenticated remote attacker with administrator privileges to inject arbitrary web scripts via the item type check-in message field (checkinmsg) | A stored cross-site scripting (XSS) vulnerability in the item type administration page of Koha Library Management System 0 through 25.11 versions allow an authenticated remote attacker with administrator privileges to inject arbitrary web scripts via the item type check-in message field (checkinmsg). |
Mon, 29 Jun 2026 15:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Stored Cross‑Site Scripting via Item Type Check‑In Message in Koha Library Management System |
Mon, 29 Jun 2026 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
cvssV3_1
|
Fri, 26 Jun 2026 23:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Stored Cross‑Site Scripting via Item Type Check‑In Message in Koha Library Management System | |
| Weaknesses | CWE-79 |
Fri, 26 Jun 2026 22:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A stored cross-site scripting (XSS) vulnerability in the item type administration page of Koha Library Management System through 25.11 allows an authenticated remote attacker with administrator privileges to inject arbitrary web scripts via the item type check-in message field (checkinmsg) | |
| References |
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2026-06-29T17:12:03.291Z
Reserved: 2026-06-07T00:00:00.000Z
Link: CVE-2026-50767
Updated: 2026-06-29T12:52:42.509Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-06-29T20:08:22Z