Security scans on Aleph 23 server complain about XSS Validation
- Product: Aleph
- Product Version: 23
- Relevant for Installation Type: Dedicated-Direct, Direct, Local, Total Care
Description
Possible XSS vulnerability in the Aleph 23 OPAC when using "Multi-base" search.
XSS vulnerabilities occur when the Web application echoes user-supplied data in an HTML response sent to the Web browser....
[Complete text of Security Scan Report found in Internal Note (viewable only by EL staff).]
In /exlibris/aleph/u23_1/alephe/tab/tab100, XSS-VALIDATION has been set to Y:
XSS-VALIDATION=Y
Resolution
Corrected by version 23 rep_change 2131, which will be included in Service Pack 23.1.2.
- Article last edited: 6-Jun-2017