[Bug 11341] New: XSS attack vendor in facets in OPAC - prog theme
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11341 Bug ID: 11341 Summary: XSS attack vendor in facets in OPAC - prog theme Change sponsored?: --- Product: Koha Version: master Hardware: All OS: All Status: NEW Severity: critical Priority: P5 - low Component: OPAC Assignee: oleonard@myacpl.org Reporter: chris@bigballofwax.co.nz QA Contact: testopia@bugs.koha-community.org If you craft some html in the offset variable, you can create an xss attack in the show more link in the facets. Patch to follow -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11341 Chris Cormack <chris@bigballofwax.co.nz> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |Needs Signoff -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11341 --- Comment #1 from Chris Cormack <chris@bigballofwax.co.nz> --- Created attachment 23311 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=23311&action=edit Bug 11341 : XSS in opac-search.pl (facets) prog theme, bootstrap theme is safe To test 1/ Craft a url like cgi-bin/koha/opac-search.pl?idx=kw&q=fish&offset=20" onmouseover%3dprompt(994000) bad%3d" (the search must return enough results to have a show more link in the facets) 2/ Check the source, or mouseover the Show more links in the facets Notice the code is executable 3/ Apply patch - notice it is no longer executable -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11341 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Needs Signoff |Signed Off -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11341 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #23311|0 |1 is obsolete| | --- Comment #2 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 23312 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=23312&action=edit Bug 11341 : XSS in opac-search.pl (facets) prog theme, bootstrap theme is safe To test 1/ Craft a url like cgi-bin/koha/opac-search.pl?idx=kw&q=fish&offset=20" onmouseover%3dprompt(994000) bad%3d" (the search must return enough results to have a show more link in the facets) 2/ Check the source, or mouseover the Show more links in the facets Notice the code is executable 3/ Apply patch - notice it is no longer executable Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com> -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11341 Brendan Gallagher <brendan@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Signed Off |Passed QA -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11341 Brendan Gallagher <brendan@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #23312|0 |1 is obsolete| | --- Comment #3 from Brendan Gallagher <brendan@bywatersolutions.com> --- Created attachment 23313 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=23313&action=edit [PASSED-QA] Bug 11341 : XSS in opac-search.pl (facets) prog theme, bootstrap theme is safe To test 1/ Craft a url like cgi-bin/koha/opac-search.pl?idx=kw&q=fish&offset=20" onmouseover%3dprompt(994000) bad%3d" (the search must return enough results to have a show more link in the facets) 2/ Check the source, or mouseover the Show more links in the facets Notice the code is executable 3/ Apply patch - notice it is no longer executable Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com> Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11341 Galen Charlton <gmcharlt@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Passed QA |Pushed to Master CC| |gmcharlt@gmail.com --- Comment #4 from Galen Charlton <gmcharlt@gmail.com> --- Pushed to master. Thanks, Chris! -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11341 Chris Cormack <chris@bigballofwax.co.nz> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|XSS attack vendor in facets |XSS attack vector in facets |in OPAC - prog theme |in OPAC - prog theme -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11341 Fridolin SOMERS <fridolyn.somers@biblibre.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Pushed to Master |Pushed to Stable CC| |fridolyn.somers@biblibre.co | |m --- Comment #5 from Fridolin SOMERS <fridolyn.somers@biblibre.com> --- This patch has been pushed to 3.14.x, will be in 3.14.1 -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11341 Fridolin SOMERS <fridolyn.somers@biblibre.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Patch complexity|--- |Trivial patch -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11341 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |tomascohen@gmail.com --- Comment #6 from Tomás Cohen Arazi <tomascohen@gmail.com> --- This patch has been pushed to 3.12.x, will be in 3.12.8. Thanks Chris! -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11341 Jonathan Druart <jonathan.druart@biblibre.com> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |http://bugs.koha-community. | |org/bugzilla3/show_bug.cgi? | |id=13618 -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org