http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11307
Bug ID: 11307
Summary: Potential XSS attack vector in opac rss feed
Change sponsored?: ---
Product: Koha
Version: master
Hardware: All
OS: All
Status: NEW
Severity: critical
Priority: P5 - low
Component: OPAC
Assignee: oleon...@myacpl.org
Reporter: ch...@bigballofwax.co.nz
QA Contact: testo...@bugs.koha-community.org

http://demo.mykoha.co.nz/cgi-bin/koha/opac-search.pl?idx=kw&q=a&count=50%22%27%3Ch1%3Etest%3C/h1%3E&sort_by=acqdate_dsc&format=rss2

If you look at the source you will see

<opensearch:itemsPerPage>50"'<h1>test</h1></opensearch:itemsPerPage>
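
The report shows the count request parameter reflected unescaped into the feed's itemsPerPage element. The following is an added sketch of the usual fix pattern (validate as a bounded integer, escape on output); it is not Koha's code, and the subroutine names, the default of 20 and the cap of 100 are assumptions made for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed stand-in for the feed template: only the element from the report.
# Unsafe form: the request parameter is interpolated into the XML as-is.
sub items_per_page_raw {
    my ($count) = @_;
    return "<opensearch:itemsPerPage>$count</opensearch:itemsPerPage>";
}

# Escape the five XML special characters in a single pass.
sub xml_escape {
    my ($text) = @_;
    my %entity = (
        '&' => '&amp;',  '<' => '&lt;', '>' => '&gt;',
        '"' => '&quot;', "'" => '&apos;',
    );
    $text =~ s/([&<>"'])/$entity{$1}/g;
    return $text;
}

# Hardened form: accept only a bounded positive integer, fall back to a
# default otherwise, and escape on output anyway so the element stays
# well-formed even if the validation is later loosened.
# $default and $max are assumed values, not Koha settings.
sub items_per_page_safe {
    my ($count, $default, $max) = @_;
    $count = $default
        unless defined $count && $count =~ /\A[0-9]{1,4}\z/ && $count > 0;
    $count = $max if $count > $max;
    return '<opensearch:itemsPerPage>'
         . xml_escape($count)
         . '</opensearch:itemsPerPage>';
}

# The count value from the URL in the report, after URL decoding.
my $reported = q{50"'<h1>test</h1>};

print 'raw:  ', items_per_page_raw($reported), "\n";
print 'safe: ', items_per_page_safe($reported, 20, 100), "\n";
print 'safe: ', items_per_page_safe('50', 20, 100), "\n";
```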