Hi,

First let me say that this is not a very serious security issue, so please don't freak out.

We've just done an audit of Koha (OPAC and Intranet) and have found a number of XSS vulnerabilities in the code. This allows a malicious attacker, with a carefully crafted web site, to potentially trick your users into providing sensitive information to a site other than yours (e.g. usernames and passwords).

Is anyone aware of patches for these currently in circulation? If not, I'll have a look at the problems and attempt to address them and then release a patch.

Thanks,
Andrew

Some info about XSS:
http://sandsprite.com/Sleuth/papers/RealWorld_XSS_1.html
http://www.cert.org/tech_tips/malicious_code_FAQ.html
http://www.cgisecurity.com/articles/xss-faq.shtml

_________________________
Andrew Yager, Managing Director (BCompSc MACS)
Real World Technology Solutions Pty Ltd
ph: 1300 798 718 or (02) 9563 4840
fax: (02) 9563 4848
mob: 0405 152 568
http://www.rwts.com.au/
_________________________
Real World Technology Solutions is an Authorised Apple Reseller, Telstra Dealer, Microsoft Small Business Solutions Specialist, Cisco Registered Partner and Member of Open Source Industry Australia.