From 703a928b9d81e974d56c306cd0bee3670f243c55 Mon Sep 17 00:00:00 2001
From: Chris Cormack
Date: Fri, 19 Jun 2015 10:54:40 +1200
Subject: [PATCH] Bug 14416: Stored XSS vulnerability

The affected page in the OPAC client is:
http://testbox:9001/cgi-bin/koha/opac-shelves.pl
the vulnerable parameter: addshelf

The affected page in the STAFF client is:
http://testbox:9002/cgi-bin/koha/virtualshelves/shelves.pl

To test:
1/ Create a shelf in the opac that contains some malicious js eg Bad stuff as the name
2/ Go to /cgi-bin/koha/virtualshelves/shelves.pl in the staff client
Note the js is executed
3/ View http://192.168.2.18:8080/cgi-bin/koha/svc/virtualshelves/search?template_path=virtualshelves/tables/shelves_results.tt&type=1
Notice the html is not escaped
4/ Apply patch
5/ View http://192.168.2.18:8080/cgi-bin/koha/svc/virtualshelves/search?template_path=virtualshelves/tables/shelves_results.tt&type=1
Notice the html is now escaped
6/ View /cgi-bin/koha/virtualshelves/shelves.pl - no more exploit

Signed-off-by: Jonathan Druart
Signed-off-by: Katrin Fischer
Signed-off-by: Tomas Cohen Arazi
---
 .../prog/en/modules/virtualshelves/tables/shelves_results.tt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/virtualshelves/tables/shelves_results.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/virtualshelves/tables/shelves_results.tt
index e6909d6f54..65a74597b1 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/virtualshelves/tables/shelves_results.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/virtualshelves/tables/shelves_results.tt
@@ -9,7 +9,7 @@
 "dt_type":
 "[% data.type %]",
 "dt_shelfname":
- "[% data.shelfname %]",
+ "[% data.shelfname | html%]",
 "dt_count":
 "[% data.count %] item(s)",
 "dt_owner":
-- 
2.39.5
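Review bot: The `| html` filter added on the `dt_shelfname` line escapes for an HTML context, but this value is emitted inside a JSON string literal that the svc/virtualshelves/search endpoint returns to the DataTables client, and Template Toolkit's html filter does not touch backslashes or control characters, so a shelf name containing `\` or an embedded line break can still yield malformed JSON for this endpoint even though the markup payload from the test plan is now neutralised. Either escape for the JSON context (and let the client HTML-escape on render) or, if the project has no JSON filter available here, record the residual gap next to the line with a comment such as `[%# html filter blocks markup injection; it does not JSON-escape \ or control characters %]`. The neighbouring `data.type` and `data.count` values in the same hunk are still interpolated raw — presumably integers from the database, but that is worth confirming — and the owner/sortby/timestamp fields that follow `"dt_owner":` lie outside the hunk and are not covered by this patch. Minor style point: `| html%]` is missing the space before `%]` that the surrounding tags use; `[% data.shelfname | html %]` matches the rest of the template.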