PT-2026-23454 · Koha · Koha
G03M0N · Published 2026-03-05 · Updated 2026-03-08
CVE-2026-26377
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Koha versions 25.11 and earlier
Description
A cross-site scripting (XSS) issue exists in the News function of Koha. A remote attacker may be able to execute arbitrary code through the News function by injecting malicious scripts into web pages viewed by other users.
Recommendations
Update to a version of Koha later than 25.11.
XSS
Affected Products
Koha