[Bug 3652] XSS vulnerabilities
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=3652 Chris Cormack <chris@bigballofwax.co.nz> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #12823|0 |1 is obsolete| | --- Comment #34 from Chris Cormack <chris@bigballofwax.co.nz> --- Created attachment 12836 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=12836&action=edit Bug 3652: close XSS vulnerabilities in opac-export The opac-export.pl script had a number of XSS vulnerabilities relating to its error handling. To test: 1) Go to /cgi-bin/koha/opac-export.pl?op=export&bib=2&format=<h2>evil</h2> (substituting a valid biblionumber for the '2') 2) Notice that "evil" is rendered as an h2 heading. 3) Apply patch. 4) Notice that you now see the h2 tags, and they are not rendered by the browser. Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz> -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org