[Koha-bugs] [Bug 3652] XSS vulnerabilities
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Tue Oct 9 03:13:23 CEST 2012
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=3652
Chris Cormack <chris at bigballofwax.co.nz> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|Signed Off |Needs Signoff
--- Comment #20 from Chris Cormack <chris at bigballofwax.co.nz> ---
If you have a search that returns more than one page of results it is possible
to craft an xss exploit.
With page numbers turned on try
/cgi-bin/koha/opac-search.pl?q=1&do=Search&limit-yr=1&limit=1&idx=kw&sort_by=relevance"></a><b>This%20shouldn't%20happen</b>
Then try it again with the patch applied.
Another patch to follow to fix facets
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list