PT-2026-52981 · Unknown · Library Management System

Published: 2026-06-26 · Updated: 2026-06-26 · CVE-2026-50765

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Koha Library Management System versions 0 through 25.11

Description

A stored cross-site scripting (XSS) issue exists in the patron restriction type administration page. An authenticated remote attacker with administrator privileges can inject arbitrary web scripts through the restriction type label, specifically using the display text field.

Recommendations

Update Koha Library Management System to a version later than 25.11. As a temporary mitigation, restrict access to the patron restriction type administration page or avoid modifying the display text field.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2026-50765

Affected Products

Library Management System