GHSA-vpm8-cwf9-2c7wMediumCVSS 5.4

A stored cross-site scripting (XSS) vulnerability in the OPAC item detail page of Koha Library...

Published
June 27, 2026
Last Modified
June 29, 2026

🔗 CVE IDs covered (1)

📋 Description

A stored cross-site scripting (XSS) vulnerability in the OPAC item detail page of Koha Library Management System through 25.11 allows an authenticated remote attacker with edit_items permission to inject arbitrary web scripts via the item public notes field (items.itemnotes).

🔗 References (4)