Security Advisory

CVE-2026-26377

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-05 00:00:00
Last updated 2026-03-10 14:33:25
Assigner mitre
State PUBLISHED

Description

Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via the News function.