http://bugs.koha.org/cgi-bin/bugzilla3/show_bug.cgi?id=3759 Summary: XSS Exploit in Search Results. Product: Koha Version: unspecified Platform: All OS/Version: All Status: NEW Severity: major Priority: P5 Component: Searching AssignedTo: jmf@liblime.com ReportedBy: sirusdv@pwnzord.com Estimated Hours: 0.0 Change sponsored?: --- Example: /cgi-bin/koha/opac-search.pl?q=<script>alert('meow')<%2Fscript> Dangers: http://cwe.mitre.org/data/definitions/79.html Fix for 'en' attached. Should be changed in others as well. -- Configure bugmail: http://bugs.koha.org/cgi-bin/bugzilla3/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.