[Koha-bugs] [Bug 5131] New: XSS vulnerability in the OPAC search results interface
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Fri Aug 13 01:55:48 CEST 2010
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5131
Summary: XSS vulnerability in the OPAC search results interface
Change sponsored?: ---
Product: Koha
Version: HEAD
Platform: All
OS/Version: All
Status: NEW
Severity: critical
Priority: P5
Component: OPAC
AssignedTo: oleonard at myacpl.org
ReportedBy: robin at catalyst.net.nz
QAContact: koha-bugs at lists.koha-community.org
Estimated Hours: 0.0
In opac-search.pl:
foreach my $sort (@sort_by) {
$template->param($sort => 1); # FIXME: security hole. can set any
TMPL_VAR here
}
This makes it pretty easy for someone to do things like inject arbitrary HTML
and Javascript, and so steal the credentials of another user.
This operation needs a whitelist of valid values that it checks against.
--
Configure bugmail: http://bugs.koha-community.org/bugzilla3/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
More information about the Koha-bugs
mailing list