[Koha-bugs] [Bug 11307] New: Potential XSS attack vector in opac rss feed
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Tue Nov 26 17:37:20 CET 2013
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11307
Bug ID: 11307
Summary: Potential XSS attack vector in opac rss feed
Change sponsored?: ---
Product: Koha
Version: master
Hardware: All
OS: All
Status: NEW
Severity: critical
Priority: P5 - low
Component: OPAC
Assignee: oleonard at myacpl.org
Reporter: chris at bigballofwax.co.nz
QA Contact: testopia at bugs.koha-community.org
http://demo.mykoha.co.nz/cgi-bin/koha/opac-search.pl?idx=kw&q=a&count=50%22%27%3Ch1%3Etest%3C/h1%3E&sort_by=acqdate_dsc&format=rss2
If you look at the source you will see
<opensearch:itemsPerPage>50"'<h1>test</h1></opensearch:itemsPerPage>
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list