Analysis
Analysis and contextual insights are available on OpenCVE Cloud.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | n/a | affected |
|
No data.
No data.
No data available yet.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
| Link | Providers |
|---|---|
| http://koha.com |
|
| https://lgnas.gitbook.io/findings/cve-2026-50767 |
|
Fri, 26 Jun 2026 23:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Stored Cross‑Site Scripting via Item Type Check‑In Message in Koha Library Management System | |
| Weaknesses | CWE-79 |
Fri, 26 Jun 2026 22:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A stored cross-site scripting (XSS) vulnerability in the item type administration page of Koha Library Management System through 25.11 allows an authenticated remote attacker with administrator privileges to inject arbitrary web scripts via the item type check-in message field (checkinmsg) | |
| References |
|
Subscriptions
No data.
MITRE
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2026-06-26T21:39:20.784Z
Reserved: 2026-06-07T00:00:00.000Z
Link: CVE-2026-50767
Vulnrichment
No data.
NVD
No data.
Redhat
No data.
OpenCVE Enrichment
Updated: 2026-06-26T23:30:05Z