Koha/koha-tmpl/opac-tmpl
Chris Cormack fb51a4bb0f Bug 14416: Stored XSS vulnerability
opac-addbybiblionumber.pl is also vulnerable because it doesn't escape
list names.

To test
1/ Create a malicious list name
2/ Try to add a biblio to the lists
3/ Notice js is executed
4/ Apply patch
5/ Test again

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
2015-06-22 11:00:09 -03:00
..
bootstrap Bug 14416: Stored XSS vulnerability 2015-06-22 11:00:09 -03:00
lib Bug 13612 - Remove old YUI javascript libraries from opac-tmpl 2015-02-24 11:16:39 -03:00