http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11341
Bug ID: 11341
Summary: XSS attack vendor in facets in OPAC - prog theme
Change sponsored?: ---
Product: Koha
Version: master
Hardware: All
OS: All
Status: NEW
Severity: critical
Priority: P5 - low
Component: OPAC
Assignee: [email protected]
Reporter: [email protected]
QA Contact: [email protected]
If you craft some html in the offset variable, you can create an xss attack in
the show more link in the facets.
Patch to follow
--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[email protected]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
