[Koha-bugs] [Bug 3652] XSS vulnerabilities
bugzilla-daemon at bugs.koha-community.org
Wed Oct 24 15:48:16 CEST 2012
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=3652
Paul Poulain <paul.poulain at biblibre.com> changed:
What       |Removed      |Added
----------------------------------------------------------------------------
Status     |Signed Off   |ASSIGNED
Version    |master       |rel_3_10
--- Comment #46 from Paul Poulain <paul.poulain at biblibre.com> ---
The 3 patches
Bug 3652: close XSS vulnerabilities on biblionumber and authid (3.40 KB, patch)
Bug 3652: close XSS vulnerabilities in opac-export (2.62 KB, patch)
bug 3652 fixing XSS vulnerabilities in opac-search (3.04 KB, patch)
have been pushed.
QA comment for "Bug 3652: close XSS vulnerabilities on biblionumber and authid (3.40 KB, patch)" = I made a follow-up to remove the || $query->param('bib'); (see comment 38).
I think opac-detail.pl could also be fixed, but in case there's an old
reference to this, I won't do that without a specific patch.
Comment for opac-search = the XSS did not work for me if I entered
> Search in the opac for ';</script><script>alert(10);</alert>'
It was exploitable only with
> /cgi-bin/koha/opac-search.pl?q=%3B%3C%2Fscript%3E%3Cscript%3Ealert%2810%29%3B%3C%2Fscript%3E
but it's worth pushing it anyway.
Status back to ASSIGNED if another XSS vulnerability is found & fixed.
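To make the second reproduction step above concrete, here is an added example (not Koha's code, which is Perl, and not part of the bug report) in Python. It decodes the percent-encoded q parameter quoted in comment #46, reflects it into a hypothetical results page the way an unescaped template would, and then shows the same reflection with HTML escaping applied. The page skeleton, the function names and the parameter name are assumptions for illustration only.

```python
from html import escape
from urllib.parse import parse_qs

# Constructed sample: the raw query string from the URL quoted in comment #46.
ENCODED_QUERY = "q=%3B%3C%2Fscript%3E%3Cscript%3Ealert%2810%29%3B%3C%2Fscript%3E"

# Hypothetical results-page skeleton standing in for a search template that
# echoes the query back into the HTML body. This is not the Koha OPAC template.
TEMPLATE = "<html><body><p>You searched for: %s</p></body></html>"


def query_param(raw_query: str, name: str = "q") -> str:
    """Percent-decode `name` from a raw URL query string (what the CGI layer sees)."""
    return parse_qs(raw_query, keep_blank_values=True).get(name, [""])[0]


def render_vulnerable(q: str) -> str:
    """Reflect the decoded value verbatim: the pre-fix behaviour."""
    return TEMPLATE % q


def render_escaped(q: str) -> str:
    """HTML-escape the value first, so '<' and '>' cannot form new tags."""
    return TEMPLATE % escape(q, quote=True)


def injected_script(html: str) -> bool:
    """True if the rendered page gained a <script> element it did not have before.

    TEMPLATE itself contains no <script>, so any occurrence came from the input.
    """
    return "<script" in html.lower()


if __name__ == "__main__":
    q = query_param(ENCODED_QUERY)
    print("decoded q :", q)
    print("vulnerable:", render_vulnerable(q))
    print("escaped   :", render_escaped(q))
    print("script injected (vulnerable):", injected_script(render_vulnerable(q)))
    print("script injected (escaped)   :", injected_script(render_escaped(q)))
```

The decoded value is `;</script><script>alert(10);</script>`; in the unescaped rendering it becomes a live script element, while in the escaped rendering the angle brackets survive only as `&lt;` and `&gt;`. Note that `escape()` is the right tool for an HTML body or attribute context; a value placed inside an existing `<script>` block would need JavaScript-string escaping instead.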