Lucene search
K

302 matches found

Nuclei
Nuclei
added 2 days ago32 views

Koha 3.20.1 - Directory Traversal

Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via a ..%2f dot dot encoded slash in the templatepath parameter to 1 svc/virtualshelves/search or 2 svc/members/search. id: CVE-2015-4632 info: name:...

7.5CVSS7.1AI score0.51829EPSS
Exploits8References5
NVD
NVD
added 2026/06/26 10:16 p.m.12 views

CVE-2026-50766

A stored cross-site scripting XSS vulnerability in the OPAC item detail page of Koha Library Management System 0 through 25.11 versions allow an authenticated remote attacker with edititems permission to inject arbitrary web scripts via the item public notes field items.itemnotes...

5.4CVSS0.00196EPSS
Exploits1References1
NVD
NVD
added 2026/06/26 10:16 p.m.10 views

CVE-2026-50765

A stored cross-site scripting XSS vulnerability in the patron restriction type administration page of Koha Library Management System 0 through 25.11 versions allow an authenticated remote attacker with administrator privileges to inject arbitrary web scripts via the restriction type label...

6.1CVSS0.0022EPSS
Exploits1References1
NVD
NVD
added 2026/06/26 10:16 p.m.9 views

CVE-2026-50767

A stored cross-site scripting XSS vulnerability in the item type administration page of Koha Library Management System 0 through 25.11 versions allow an authenticated remote attacker with administrator privileges to inject arbitrary web scripts via the item type check-in message field checkinmsg...

5.4CVSS0.00196EPSS
Exploits1References1
CVE
CVE
added 2026/06/26 12:0 a.m.8 views

CVE-2026-50766

CVE-2026-50766 is a stored XSS vulnerability in the Koha Library Management System (OPAC item detail page) up to version 25.11. An authenticated user with the ability to edit items can inject arbitrary web scripts via the item public notes field (items.itemnotes). The connected documents confirm ...

5.4CVSS5.8AI score0.00196EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/26 12:0 a.m.6 views

CVE-2026-50765

A stored cross-site scripting XSS vulnerability in the patron restriction type administration page of Koha Library Management System 0 through 25.11 versions allow an authenticated remote attacker with administrator privileges to inject arbitrary web scripts via the restriction type label...

5.8AI score0.0022EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/26 12:0 a.m.26 views

CVE-2026-50767

A stored cross-site scripting XSS vulnerability in the item type administration page of Koha Library Management System 0 through 25.11 versions allow an authenticated remote attacker with administrator privileges to inject arbitrary web scripts via the item type check-in message field checkinmsg...

0.00196EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/26 12:0 a.m.25 views

CVE-2026-50766

A stored cross-site scripting XSS vulnerability in the OPAC item detail page of Koha Library Management System 0 through 25.11 versions allow an authenticated remote attacker with edititems permission to inject arbitrary web scripts via the item public notes field items.itemnotes...

0.00196EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/26 12:0 a.m.24 views

CVE-2026-50765

A stored cross-site scripting XSS vulnerability in the patron restriction type administration page of Koha Library Management System 0 through 25.11 versions allow an authenticated remote attacker with administrator privileges to inject arbitrary web scripts via the restriction type label...

0.0022EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.12 views

PT-2026-52981

Name of the Vulnerable Software and Affected Versions Koha Library Management System versions 0 through 25.11 Description A stored cross-site scripting XSS issue exists in the patron restriction type administration page. An authenticated remote attacker with administrator privileges can inject...

6.1CVSS5.8AI score0.0022EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2026/06/26 12:0 a.m.6 views

CVE-2026-50765

A stored cross-site scripting XSS vulnerability in the patron restriction type administration page of Koha Library Management System 0 through 25.11 versions allow an authenticated remote attacker with administrator privileges to inject arbitrary web scripts via the restriction type label...

6.1CVSS5.8AI score0.0022EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/06/26 12:0 a.m.5 views

CVE-2026-50766

A stored cross-site scripting XSS vulnerability in the OPAC item detail page of Koha Library Management System 0 through 25.11 versions allow an authenticated remote attacker with edititems permission to inject arbitrary web scripts via the item public notes field items.itemnotes...

5.4CVSS5.8AI score0.00196EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.12 views

PT-2026-52983

Name of the Vulnerable Software and Affected Versions Koha Library Management System versions 0 through 25.11 Description A stored cross-site scripting XSS issue exists in the item type administration page. An authenticated remote attacker with administrator privileges can inject arbitrary web...

5.4CVSS6AI score0.00196EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/06/26 12:0 a.m.5 views

CVE-2026-50766

A stored cross-site scripting XSS vulnerability in the OPAC item detail page of Koha Library Management System 0 through 25.11 versions allow an authenticated remote attacker with edititems permission to inject arbitrary web scripts via the item public notes field items.itemnotes...

5.8AI score0.00196EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/06/26 12:0 a.m.7 views

CVE-2026-50767

A stored cross-site scripting XSS vulnerability in the item type administration page of Koha Library Management System 0 through 25.11 versions allow an authenticated remote attacker with administrator privileges to inject arbitrary web scripts via the item type check-in message field checkinmsg...

5.8AI score0.00196EPSS
Exploits1References2
CVE
CVE
added 2026/06/26 12:0 a.m.11 views

CVE-2026-50765

CVE-2026-50765 is a Cross-Site Scripting (XSS) vulnerability in Koha Library Management System (through version 25.11) affecting the patron restriction type administration page. An authenticated administrator can inject arbitrary scripts via the restriction type label (display_text field). The is...

6.1CVSS5.8AI score0.0022EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2026/06/26 12:0 a.m.10 views

CVE-2026-50767

CVE-2026-50767 describes a stored XSS vulnerability in Koha Library Management System (up to version 25.11) where an authenticated administrator can inject arbitrary scripts through the item type check-in message field (checkinmsg). The issue requires administrator privileges and is triggered by ...

5.4CVSS5.8AI score0.00196EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/26 12:0 a.m.6 views

CVE-2026-50767

A stored cross-site scripting XSS vulnerability in the item type administration page of Koha Library Management System 0 through 25.11 versions allow an authenticated remote attacker with administrator privileges to inject arbitrary web scripts via the item type check-in message field checkinmsg...

5.4CVSS5.8AI score0.00196EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.12 views

PT-2026-52982

Name of the Vulnerable Software and Affected Versions Koha Library Management System versions 0 through 25.11 Description A stored cross-site scripting XSS issue exists in the OPAC item detail page. An authenticated remote attacker with edit items permission can inject arbitrary web scripts throu...

5.4CVSS5.8AI score0.00196EPSS
Exploits1References6
NVD
NVD
added 2026/06/13 5:16 p.m.14 views

CVE-2026-6428

SQL Injection in reports/catalogueout.pl in Koha Community Koha through 22.11.37, 23.x, 24.x before 24.11.16, 25.05.x before 25.05.11, 25.11.x before 25.11.05, 26.05.x before 26.05.01, and 26.11.x before 26.11.00 allows an authenticated staff user with the Reports module flag to read arbitrary da...

7.6CVSS0.00244EPSS
Exploits0References3
Rows per page
Query Builder