Security Advisory
CVE-2026-26377
CVE vulnerability detail — eXtreme Datacenter Security Operations
Description
Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via the News function.