]> git.koha-community.org Git - koha.git/commit
Bug 14416: Stored XSS vulnerability
authorChris Cormack <chrisc@catalyst.net.nz>
Thu, 18 Jun 2015 22:54:40 +0000 (10:54 +1200)
committerChris Cormack <chrisc@catalyst.net.nz>
Mon, 22 Jun 2015 21:41:24 +0000 (09:41 +1200)
commit1316436e269eec4836e0f999f62009ce41bcc08f
treea416f9eefa7ada5410c22f054685c396cef8cf15
parent0ba2e45448ff078de897b5eebd1acce5557b8a34
Bug 14416: Stored XSS vulnerability

The affected page in the OPAC client is:
http://testbox:9001/cgi-bin/koha/opac-shelves.pl
the vulnerable parameter: addshelf

The affected page in the STAFF client is:
http://testbox:9002/cgi-bin/koha/virtualshelves/shelves.pl

To test:
1/ Create a shelf in the opac that contains some malicious js
 eg Bad stuff <script>alert('oh noes');</script> as the name
2/ Go to /cgi-bin/koha/virtualshelves/shelves.pl in the staff client
  Note the js is executed
3/ View
http://192.168.2.18:8080/cgi-bin/koha/svc/virtualshelves/search?template_path=virtualshelves/tables/shelves_results.tt&type=1
  Notice the html is not escaped
4/ Apply patch
5/ View
http://192.168.2.18:8080/cgi-bin/koha/svc/virtualshelves/search?template_path=virtualshelves/tables/shelves_results.tt&type=1
  Notice the html is now escaped
6/ View /cgi-bin/koha/virtualshelves/shelves.pl - no more exploit

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit 703a928b9d81e974d56c306cd0bee3670f243c55)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
koha-tmpl/intranet-tmpl/prog/en/modules/virtualshelves/tables/shelves_results.tt