[Bug 3652] XSS vulnerabilities
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=3652 Chris Hall <chrish@catalyst.net.nz> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Signed Off |Needs Signoff Assignee|oleonard@myacpl.org |chrish@catalyst.net.nz --- Comment #36 from Chris Hall <chrish@catalyst.net.nz> --- Created attachment 12876 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=12876&action=edit Fixing XSS vulnerability in opac-search Fixes XSS vulnerabilites in opac-search Search in the opac for ';</script><script>alert(10);</alert>' (without the quotes around it), a pop up should appear. You could also visit /cgi-bin/koha/opac-search.pl?q=%3B%3C%2Fscript%3E%3Cscript%3Ealert%2810%29%3B%3C%2Fscript%3E Notes: The above XSS vuln will work in firefox 16.01 but will not work in chromium 18 as chromium detects that the string is user supplies, instead chromium will report an error message to the console. Arachni still believes that the opac-search is vulnerable despite this fix, I believe it is incorrect as the string it tries to inject is made up of alphanumeric and hyphens, (as far as I know) none of these are dangerous when rendered within a form or script element. -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org