Question 1

What is CVE-2026-50766 — CVE-2026-50766?

Accepted Answer

A stored cross-site scripting (XSS) vulnerability in the OPAC item detail page of Koha Library Management System through 25.11 allows an authenticated remote attacker with edit_items permission to inject arbitrary web scripts via the item public notes field (items.itemnotes).

Question 2

What is the authoritative source for CVE-2026-50766?

Accepted Answer

CVE-2026-50766 (CVE-2026-50766) is catalogued in NVD + CISA KEV + FIRST EPSS and curated for EU compliance use cases by SQUR.

CVE-2026-50766CVE-2026-50766

Description

Scoring