[Koha-bugs] [Bug 3759] New: XSS Exploit in Search Results.
bugzilla-daemon at kohaorg.ec2.liblime.com
Tue Nov 3 23:44:14 CET 2009
http://bugs.koha.org/cgi-bin/bugzilla3/show_bug.cgi?id=3759
Summary: XSS Exploit in Search Results.
Product: Koha
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Severity: major
Priority: P5
Component: Searching
AssignedTo: jmf at liblime.com
ReportedBy: sirusdv at pwnzord.com
Estimated Hours: 0.0
Change sponsored?: ---
Example:
/cgi-bin/koha/opac-search.pl?q=<script>alert('meow')<%2Fscript>
Dangers:
http://cwe.mitre.org/data/definitions/79.html
Fix for 'en' attached. Should be changed in others as well.