[Koha-bugs] [Bug 2690] New: Security Vulnerability Gives me Administrative Access
bugzilla-daemon at pippin.metavore.com
Fri Oct 17 18:36:38 CEST 2008
http://bugs.koha.org/cgi-bin/bugzilla/show_bug.cgi?id=2690
Summary: Security Vulnerability Gives me Administrative Access
Product: Koha
Version: unspecified
Platform: PC
OS/Version: All
Status: NEW
Severity: normal
Priority: P3
Component: Authentication
AssignedTo: chris at bigballofwax.co.nz
ReportedBy: rsofia at poly.edu
QAContact: koha-bugs at lists.koha.org
An XSS vulnerability exists allowing me to send a carefully constructed URL to
a librarian via e-mail or messaging agent. When visited, a message is sent back
to me with the logged-in user's session credentials.
Contact me for a proof of concept.
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.