Skip to main content
ExLibris
  • Subscribe by RSS
  • ExLibris Dev

    Cross Site Scripting (XSS) vulnerabilty in KB item 15562 - Solved?

    • Article Type: General
    • Product: Aleph
    • Product Version: 18.01

    Description:
    We were just notified that our Aleph OPAC is exhibiting a vulnerability to XSS.

    Support Knowledge Base # 15562 says that this would be addressed in the v18 Nov Service Pack.

    Is there some configuration that needs to be done as well? We have installed the Nov service pack, and I didn't see anything in the release notes about XSS.

    Resolution:
    Corrected by:

    V18 - rep_change #1503
    V19 - rep_change #174
    V20 - rep_ver #15191

    Implementation Notes:

    To use this option, add the following line to $alephe_tab/tab100:
    XSS-VALIDATION=Y


    • Article last edited: 10/8/2013
    //doorbell.io feedback widged