Re: [Dspace-tech] DSpace and Cross-site scripting/SQL Injection attack vulnerabilities?

2010-12-17 Thread Oriol Olivé Comadira. Biblioteca UdG
Hi Sue, DSpace 1.4.x and earlier was vulnerable to XSS and CSRF because DSpace prints handle bad requests and doesn't clean them before... With XSS you can steal the session cookie from the user that clicks the link, and with CSRF (Cross site request foreign) you can execute requests with

[Dspace-tech] Changing the white background

2010-12-17 Thread amutsikiwa
Hi All, I appreciate that DSpace makes heavy usage of CSS. However, I am interested in establishing how I can go ahead and change the default white background for the navigation bar, content, side bar and footer. It is clear that it is not affected by the body background element of the

[Dspace-tech] DSpace 1.7.0 is now available

2010-12-17 Thread Peter Dietz
Dear DSpace Community, On behalf of the DSpace Committers, I would like to formally announce that DSpace 1.7.0 is now available! DSpace 1.7.0 can be downloaded immediately at either of the following locations: * SourceForge: https://sourceforge.net/projects/dspace/files/ * SVN:

Re: [Dspace-tech] DSpace and Cross-site scripting/SQL Injection attack vulnerabilities?

2010-12-17 Thread Thornton, Susan M. (LARC-B702)[LITES]
Hi Stuart, Thanks a bunch for the information. That's great news. I wonder if you would be willing to share details of exactly how this testing was done so others might be able to do and/or continue this testing? Thanks again, Sue Sue Walker-Thornton Software Developer/Database

Re: [Dspace-tech] DSpace and Cross-site scripting/SQL Injection attack vulnerabilities?

2010-12-17 Thread Thornton, Susan M. (LARC-B702)[LITES]
Hi, I wonder if you can elaborate on what this does: dspace-url/handle/%3Cscript%3Ealert%281%29%3C/script%3E Thanks, Sue Sue Walker-Thornton Software Developer/Database Administrator NASA Langley Research Center|LITES Contract (757) 224-4074 From: Oriol Olivé Comadira. Biblioteca UdG

Re: [Dspace-tech] DSpace and Cross-site scripting/SQL Injection attack vulnerabilities?

2010-12-17 Thread Stuart Lewis
Hi Sue, Thanks a bunch for the information. That's great news. I wonder if you would be willing to share details of exactly how this testing was done so others might be able to do and/or continue this testing? It all depends on your particular testing tool - you may have local