[Koha-bugs] [Bug 11307] New: Potential XSS attack vector in opac rss feed

bugzilla-daemon Tue, 26 Nov 2013 08:38:44 -0800

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11307


            Bug ID: 11307
           Summary: Potential XSS attack vector in opac rss feed
 Change sponsored?: ---
           Product: Koha
           Version: master
          Hardware: All
                OS: All
            Status: NEW
          Severity: critical
          Priority: P5 - low
         Component: OPAC
          Assignee: [email protected]
          Reporter: [email protected]
        QA Contact: [email protected]

http://demo.mykoha.co.nz/cgi-bin/koha/opac-search.pl?idx=kw&amp;q=a&amp;count=50%22%27%3Ch1%3Etest%3C/h1%3E&amp;sort_by=acqdate_dsc&amp;format=rss2

If you look at the source you will see 
<opensearch:itemsPerPage>50"'<h1>test</h1></opensearch:itemsPerPage>

-- 
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[email protected]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 11307] New: Potential XSS attack vector in opac rss feed

Reply via email to