[Koha-bugs] [Bug 11341] New: XSS attack vendor in facets in OPAC - prog theme
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Wed Dec 4 22:12:58 CET 2013
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11341
Bug ID: 11341
Summary: XSS attack vendor in facets in OPAC - prog theme
Change sponsored?: ---
Product: Koha
Version: master
Hardware: All
OS: All
Status: NEW
Severity: critical
Priority: P5 - low
Component: OPAC
Assignee: oleonard at myacpl.org
Reporter: chris at bigballofwax.co.nz
QA Contact: testopia at bugs.koha-community.org
If you craft some html in the offset variable, you can create an xss attack in
the show more link in the facets.
Patch to follow
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list