http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=3652
Paul Poulain <paul.poul...@biblibre.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|Signed Off                  |ASSIGNED
            Version|master                      |rel_3_10

--- Comment #46 from Paul Poulain <paul.poul...@biblibre.com> ---
The 3 patches
  Bug 3652: close XSS vulnerabilities on biblionumber and authid (3.40 KB, patch)
  Bug 3652: close XSS vulnerabilities in opac-export (2.62 KB, patch)
  bug 3652 fixing XSS vulnerabilities in opac-search (3.04 KB, patch)
have been pushed

QA comment for Bug 3652: close XSS vulnerabilities on biblionumber and authid (3.40 KB, patch) =
I made a follow-up to remove the || $query->param('bib'); (see comment 38)
I think opac-detail.pl could also be fixed, but in case there's an old reference to this, I won't do that without a specific patch.

Comment for opac-search =
the XSS did not work for me if I entered
> Search in the opac for ';</script><script>alert(10);</alert>'
It was exploitable only with
> /cgi-bin/koha/opac-search.pl?q=%3B%3C%2Fscript%3E%3Cscript%3Ealert%2810%29%3B%3C%2Fscript%3E
but it's worth pushing it anyway

status back to ASSIGNED if another XSS vulnerability is found & fixed

-- 
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
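The comment above distinguishes two classes of reflected XSS sink in Koha's OPAC: numeric record identifiers (biblionumber, authid) and a free-text search term (the q parameter) that the page echoes back. The following is an added illustration, not code from Koha or from the patches on this bug: a minimal Perl script showing the two defensive measures those fixes are described as applying, strict integer validation for the identifiers and HTML-escaping for the echoed search term. The helper names (clean_id, html_escape, parse_query, render_search_echo) and the hand-rolled query-string parser are assumptions made so the script runs stand-alone without CGI.pm or Koha's template layer; the sample query string is the URL-encoded value quoted in the comment.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Added example, not Koha code. Demonstrates the two mitigations the
# bug's patches are described as applying: integer validation for
# biblionumber/authid, and HTML-escaping of the reflected search term.

# Accept only a plain non-negative integer for biblionumber / authid.
# Anything else is rejected instead of being interpolated into HTML.
sub clean_id {
    my ($raw) = @_;
    return undef unless defined $raw;
    return $raw =~ /\A[0-9]+\z/ ? $raw + 0 : undef;
}

# Escape the characters that change meaning in HTML text and attribute
# context, so a search term can be echoed back verbatim but inert.
sub html_escape {
    my ($s) = @_;
    return '' unless defined $s;
    my %map = (
        '&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
        '"' => '&quot;', "'" => '&#39;',
    );
    $s =~ s/([&<>"'])/$map{$1}/g;
    return $s;
}

# Assumed stand-in for CGI parameter parsing: decode a percent-encoded
# query string into a hash, the way q=... arrives at opac-search.pl.
sub parse_query {
    my ($qs) = @_;
    my %params;
    for my $pair (split /&/, $qs) {
        my ($k, $v) = split /=/, $pair, 2;
        $v = '' unless defined $v;
        for ($k, $v) {
            s/\+/ /g;
            s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
        }
        $params{$k} = $v;
    }
    return \%params;
}

# Render the "you searched for ..." line with the term escaped before
# it is placed into the page body.
sub render_search_echo {
    my ($params) = @_;
    return '<p>You searched for: ' . html_escape($params->{q}) . '</p>';
}

# Constructed sample inputs: the encoded q value quoted in the comment,
# and a few candidate biblionumber values, one of them malformed.
my $p = parse_query(
    'q=%3B%3C%2Fscript%3E%3Cscript%3Ealert%2810%29%3B%3C%2Fscript%3E');
print render_search_echo($p), "\n";

for my $raw ('12345', '12345<script>', '', undef) {
    my $id = clean_id($raw);
    printf "%-18s => %s\n",
        (defined $raw ? "'$raw'" : 'undef'),
        (defined $id  ? "accepted ($id)" : 'rejected');
}
```

Run it with `perl` and compare the echoed search line with the decoded q value: every `<`, `>` and `'` is entity-encoded, so the browser renders the term as text rather than parsing it as markup. The identifier check is deliberately stricter than "looks numeric": a regex anchored with `\A` and `\z` refuses trailing newlines and mixed strings, which is the behaviour a numeric record key should have in any handler, not just the two named on this bug.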