Koha: >> Koha >> 23.05.09 Security Vulnerabilities
Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via file upload function in Invoice features
CVSS Score
5.4
EPSS Score
0.001
Published
2026-06-03
Koha versions up to 25.11 contain a Server-Side Request Forgery (SSRF) vulnerability via the Z39.50/SRU server configuration. This allows authenticated attackers to perform internal network scanning and identify running services by analyzing server response times.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-06-03
Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via the News function.
CVSS Score
5.4
EPSS Score
0.001
Published
2026-03-05