[Koha] Potential XSS attack vector in opac

Liz Rea liz at catalyst.net.nz
Wed Dec 10 12:15:26 NZDT 2014

Hi Bob,

Thanks for reporting this bug. In the future, it would be better for you
to file your bug at the community bugzilla - the large blue link here:

As a general reminder for everyone, please don't post your found
vulnerabilities to the public list. Security bugs should be reported at
the link above. Koha security bugs are restricted viewing to the
reporter, and the people listed who are in the security group, which
corresponds with those who need to be involved in organising an
out-of-sequence release to deal with serious security issues.

Thanks again for reporting the issue and helping to make Koha better.


On 10/12/14 11:42, Bob Ewart wrote:
> When our site was scanned for potential vulnerabilities...
> Bob Ewart
> _______________________________________________
> Koha mailing list  http://koha-community.org
> Koha at lists.katipo.co.nz
> http://lists.katipo.co.nz/mailman/listinfo/koha

Liz Rea
Catalyst.Net Limited
Level 6, Catalyst House, 
150 Willis Street, Wellington.
P.O Box 11053, Manners Street, 
Wellington 6142

GPG: B149 A443 6B01 7386 C2C7 F481 B6c2 A49D 3726 38B7

More information about the Koha mailing list