Cross Site Scripting (XSS) vulnerabilty in KB item 15562 - Solved?

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

Article Type: General
Product: Aleph
Product Version: 18.01

Description:
We were just notified that our Aleph OPAC is exhibiting a vulnerability to XSS.

Support Knowledge Base # 15562 says that this would be addressed in the v18 Nov Service Pack.

Is there some configuration that needs to be done as well? We have installed the Nov service pack, and I didn't see anything in the release notes about XSS.

Resolution:
Corrected by:

V18 - rep_change #1503
V19 - rep_change #174
V20 - rep_ver #15191

Implementation Notes:

To use this option, add the following line to $alephe_tab/tab100:
XSS-VALIDATION=Y

Article last edited: 10/8/2013