• Article Type: General
• Product: Aleph
• Product Version: 18.01

Description:
We were just notified that our Aleph OPAC is exhibiting a vulnerability to XSS.

Support Knowledge Base # 15562 says that this would be addressed in the v18 Nov Service Pack.

Is there some configuration that needs to be done as well? We have installed the Nov service pack, and I didn't see anything in the release notes about XSS.

Resolution:
Corrected by:

V18 - rep_change #1503
V19 - rep_change #174
V20 - rep_ver #15191

Implementation Notes:

To use this option, add the following line to $alephe_tab/tab100:
XSS-VALIDATION=Y

• Article last edited: 10/8/2013