[Koha] XSS Vulnerabilities in Koha
andrew at rwts.com.au
Thu Aug 30 20:22:19 NZST 2007
First let me say that this is not a very serious security issue, so
please don't freak out.
We've just done an audit of Koha (OPAC and Intranet) and have found a
number of XSS vulnerabilities in the code. This allows a malicious
attacker, with a carefully crafted web site to potentially trick your
users into providing sensitive information to a site other than yours
(e.g. usernames and passwords).
Is anyone aware of patches for these currently in circulation? If
not, I'll have a look at the problems and attempt to address them and
then release a patch.
Some info about XSS:
Andrew Yager, Managing Director (BCompSc MACS)
Real World Technology Solutions Pty Ltd
ph: 1300 798 718 or (02) 9563 4840
fax: (02) 9563 4848 mob: 0405 152 568
Real World Technology Solutions is an Authorised Apple Reseller,
Telstra Dealer, Microsoft Small Business Solutions Specialist, Cisco
Registered Partner and Member of Open Source Industry Australia.
More information about the Koha