http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5131 Summary: XSS vulnerability in the OPAC search results interface Change sponsored?: --- Product: Koha Version: HEAD Platform: All OS/Version: All Status: NEW Severity: critical Priority: P5 Component: OPAC AssignedTo: oleonard@myacpl.org ReportedBy: robin@catalyst.net.nz QAContact: koha-bugs@lists.koha-community.org Estimated Hours: 0.0 In opac-search.pl: foreach my $sort (@sort_by) { $template->param($sort => 1); # FIXME: security hole. can set any TMPL_VAR here } This makes it pretty easy for someone to do things like inject arbitrary HTML and Javascript, and so steal the credentials of another user. This operation needs a whitelist of valid values that it checks against. -- Configure bugmail: http://bugs.koha-community.org/bugzilla3/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA contact for the bug.