CVE-2026-26377

Опубликовано: 05 мар. 2026

Источник: debian

EPSS Низкий

Описание

Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via the News function.

Пакет	Статус	Версия исправления	Релиз	Тип
koha	itp			package

EPSS

Процентиль: 16%

0.00053

Низкий

CVE-2026-26377

CVSS3: 5.4

nvd

25 дней назад

Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via the News function.

GHSA-jf6c-m3q5-vfm4

CVSS3: 5.4

github

25 дней назад

Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via the News function.

EPSS

Процентиль: 16%

0.00053

Низкий