http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=3652 Chris Cormack <chris@bigballofwax.co.nz> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Signed Off |Needs Signoff --- Comment #20 from Chris Cormack <chris@bigballofwax.co.nz> --- If you have a search that returns more than one page of results it is possible to craft an xss exploit. With page numbers turned on try /cgi-bin/koha/opac-search.pl?q=1&do=Search&limit-yr=1&limit=1&idx=kw&sort_by=relevance"></a><b>This%20shouldn't%20happen</b> Then try it again with the patch applied. Another patch to follow to fix facets -- You are receiving this mail because: You are watching all bug changes.