CVE-2026-50766

{"id": "CVE-2026-50766", "cveTags": [], "metrics": {}, "affected": [{"source": "cve@mitre.org", "affectedData": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}]}], "published": "2026-06-26T22:16:32.617", "references": [{"url": "http://koha.com", "source": "cve@mitre.org"}, {"url": "https://lgnas.gitbook.io/findings/cve-2026-50766", "source": "cve@mitre.org"}], "vulnStatus": "Received", "descriptions": [{"lang": "en", "value": "A stored cross-site scripting (XSS) vulnerability in the OPAC item detail page of Koha Library Management System through 25.11 allows an authenticated remote attacker with edit_items permission to inject arbitrary web scripts via the item public notes field (items.itemnotes)."}], "lastModified": "2026-06-26T22:16:32.617", "sourceIdentifier": "cve@mitre.org"}