A stored cross-site scripting (XSS) vulnerability in the item type administration page of Koha Library Management System 0 through 25.11 versions allow an authenticated remote attacker with administrator privileges to inject arbitrary web scripts via the item type check-in message field (checkinmsg).
Metrics
Affected Vendors & Products
References
| Link | Providers |
|---|---|
| http://koha.com |
|
| https://lgnas.gitbook.io/findings/cve-2026-50767 |
|
History
Mon, 29 Jun 2026 20:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Koha
Koha library Management System |
|
| Vendors & Products |
Koha
Koha library Management System |
Mon, 29 Jun 2026 19:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Stored XSS in Koha Item Type Administration Page |
Mon, 29 Jun 2026 17:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A stored cross-site scripting (XSS) vulnerability in the item type administration page of Koha Library Management System through 25.11 allows an authenticated remote attacker with administrator privileges to inject arbitrary web scripts via the item type check-in message field (checkinmsg) | A stored cross-site scripting (XSS) vulnerability in the item type administration page of Koha Library Management System 0 through 25.11 versions allow an authenticated remote attacker with administrator privileges to inject arbitrary web scripts via the item type check-in message field (checkinmsg). |
Mon, 29 Jun 2026 15:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Stored Cross‑Site Scripting via Item Type Check‑In Message in Koha Library Management System |
Mon, 29 Jun 2026 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
cvssV3_1
|
Fri, 26 Jun 2026 23:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Stored Cross‑Site Scripting via Item Type Check‑In Message in Koha Library Management System | |
| Weaknesses | CWE-79 |
Fri, 26 Jun 2026 22:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A stored cross-site scripting (XSS) vulnerability in the item type administration page of Koha Library Management System through 25.11 allows an authenticated remote attacker with administrator privileges to inject arbitrary web scripts via the item type check-in message field (checkinmsg) | |
| References |
|
Status: PUBLISHED
Assigner: mitre
Published: 2026-06-26T00:00:00.000Z
Updated: 2026-06-29T17:12:03.291Z
Reserved: 2026-06-07T00:00:00.000Z
Link: CVE-2026-50767
Updated: 2026-06-29T12:52:42.509Z
No data.
No data.