http://bugs.koha.org/cgi-bin/bugzilla/show_bug.cgi?id=2690 Summary: Security Vulnerability Gives me Administrative Access Product: Koha Version: unspecified Platform: PC OS/Version: All Status: NEW Severity: normal Priority: P3 Component: Authentication AssignedTo: chris@bigballofwax.co.nz ReportedBy: rsofia@poly.edu QAContact: koha-bugs@lists.koha.org An XSS vulnerability exists allowing me to send a carefully constructed URL to a librarian via e-mail or messaging agent. When visited a message is sent back to me with the logged in users session credentials. Contact me for a proof of concept. ------- You are receiving this mail because: ------- You are the QA contact for the bug, or are watching the QA contact.