http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11341
--- Comment #1 from Chris Cormack <[email protected]> --- Created attachment 23311 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=23311&action=edit Bug 11341 : XSS in opac-search.pl (facets) prog theme, bootstrap theme is safe To test 1/ Craft a url like cgi-bin/koha/opac-search.pl?idx=kw&q=fish&offset=20" onmouseover%3dprompt(994000) bad%3d" (the search must return enough results to have a show more link in the facets) 2/ Check the source, or mouseover the Show more links in the facets Notice the code is executable 3/ Apply patch - notice it is no longer executable -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
