[Bug 3652] XSS vulnerabilities
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=3652 Paul Poulain <paul.poulain@biblibre.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Signed Off |ASSIGNED Version|master |rel_3_10 --- Comment #46 from Paul Poulain <paul.poulain@biblibre.com> --- The 3 patches Bug 3652: close XSS vulnerabilities on biblionumber and authid (3.40 KB, patch) Bug 3652: close XSS vulnerabilities in opac-export (2.62 KB, patch) bug 3652 fixing XSS vulnerabilities in opac-search (3.04 KB, patch) have been pushed QA comment for Bug 3652: close XSS vulnerabilities on biblionumber and authid (3.40 KB, patch) = I made a follow-up to remove the || $query->param('bib'); (see comment 38) I think opac-detail.pl could also be fixed, but in case there's an old reference to this, I won't do that without a specific patch. Comment for opac-search = the XSS did not work for me if I entered
Search in the opac for ';</script><script>alert(10);</alert>' If was exploitable only with /cgi-bin/koha/opac-search. pl?q=%3B%3C%2Fscript%3E%3Cscript%3Ealert%2810%29%3B%3C%2Fscript%3E
but it's worth pushing it anyway status back to ASSIGNED if another XSS vulnerability is found & fixed -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org