Analysis
Analysis and contextual insights are available on OpenCVE Cloud.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | n/a | affected |
|
No data.
No data.
No data available yet.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
| Link | Providers |
|---|---|
| http://koha.com |
|
| https://lgnas.gitbook.io/findings/cve-2026-50765 |
|
Fri, 26 Jun 2026 23:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Authenticated Cross‑Site Scripting in Koha Patron Restriction Type Administration Page | |
| Weaknesses | CWE-79 |
Fri, 26 Jun 2026 22:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Cross-Site Scripting (XSS) vulnerability in the patron restriction type administration page of Koha Library Management System through 25.11 allows an authenticated remote attacker with administrator privileges to inject arbitrary web scripts via the restriction type label (display_text field) | |
| References |
|
Subscriptions
No data.
MITRE
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2026-06-26T21:36:48.392Z
Reserved: 2026-06-07T00:00:00.000Z
Link: CVE-2026-50765
Vulnrichment
No data.
NVD
No data.
Redhat
No data.
OpenCVE Enrichment
Updated: 2026-06-26T23:30:05Z