| Summary | A stored cross-site scripting (XSS) vulnerability in the OPAC item detail page of Koha Library Management System through 25.11 allows an authenticated remote attacker with edit_items permission to inject arbitrary web scripts via the item public notes field (items.itemnotes). |
|---|---|
| Publication Date | June 27, 2026, 7:16 a.m. |
| Registration Date | June 29, 2026, 4:17 a.m. |
| Last Update | June 27, 2026, 7:16 a.m. |