uchicago-library / vufind

A library resource discovery portal designed and developed for libraries by libraries
GNU General Public License v2.0

Sanitize titles in callnumber alphabrowse and autosuggester #149

Closed bbusenius closed 2 years ago

bbusenius commented 2 years ago

An injection attack can be completed through an unsanitized Solr title. This is happening in one such example and can be triggered in two ways:

  1. Go to this alphabrowse page.
  2. Go to the VuFind homepage and search for the same title in the above example. Wait for the autosuggester to fire.

See Bugzilla 26346 for more information.
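As an added example, not code from VuFind or from the issue author, here is the escaping step the fix needs in both places the comment names; the function names and the sample titles are constructed for the example.

```javascript
// Added example, not VuFind's code: titles returned by Solr are untrusted
// data and must be escaped before they are placed into page markup.
// escapeHtml, renderSuggestions and renderBrowseRow are hypothetical names.

// Escape the characters that can break out of text or attribute context.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// The pattern the issue describes: the raw title is concatenated into the
// suggestion list, so any markup inside a title is interpreted as HTML.
function renderSuggestionsUnsafe(titles) {
  return '<ul>' + titles.map((t) => '<li>' + t + '</li>').join('') + '</ul>';
}

// Hardened version: every title is escaped, so markup inside it is shown as text.
function renderSuggestions(titles) {
  return '<ul>' + titles.map((t) => '<li>' + escapeHtml(t) + '</li>').join('') + '</ul>';
}

// The same rule applies to the alphabrowse rows, where a title sits next to
// its call number; both values come from Solr and both are escaped.
function renderBrowseRow(callNumber, title) {
  return '<tr><td>' + escapeHtml(callNumber) + '</td><td>' + escapeHtml(title) + '</td></tr>';
}

// Constructed sample input: one ordinary title and one that carries markup.
const sampleTitles = ['Introduction to Algorithms', '<b>Bold</b> title & "quotes"'];

console.log('unsafe:  ' + renderSuggestionsUnsafe(sampleTitles));
console.log('escaped: ' + renderSuggestions(sampleTitles));
console.log('browse:  ' + renderBrowseRow('QA76.6 .C662', sampleTitles[1]));
```

The escaped output shows the tags as literal text, which is the behaviour both the autosuggester and the alphabrowse page need for Solr titles.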