4 Dec
2013
4 Dec
'13
10:12 p.m.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11341 Bug ID: 11341 Summary: XSS attack vendor in facets in OPAC - prog theme Change sponsored?: --- Product: Koha Version: master Hardware: All OS: All Status: NEW Severity: critical Priority: P5 - low Component: OPAC Assignee: oleonard@myacpl.org Reporter: chris@bigballofwax.co.nz QA Contact: testopia@bugs.koha-community.org If you craft some html in the offset variable, you can create an xss attack in the show more link in the facets. Patch to follow -- You are receiving this mail because: You are watching all bug changes.