GHSA-vpm8-cwf9-2c7wMediumCVSS 5.4
A stored cross-site scripting (XSS) vulnerability in the OPAC item detail page of Koha Library...
🔗 CVE IDs covered (1)
📋 Description
A stored cross-site scripting (XSS) vulnerability in the OPAC item detail page of Koha Library Management System through 25.11 allows an authenticated remote attacker with edit_items permission to inject arbitrary web scripts via the item public notes field (items.itemnotes).