From dbffc29ba7b55594189a923b48b6ae4086cfbe52 Mon Sep 17 00:00:00 2001
From: Chris Cormack
Date: Wed, 25 May 2016 14:01:41 +0000
Subject: [PATCH] Bug 16587 - opac-sendbasket.pl is open to XSS

To test
1/ Hit a URL like
http://localhost:8080/cgi-bin/koha/opac-sendbasket.pl?email_add=%3Cscript%3Ealert(%27XSS%27)%3C%2Fscript%3Ezz%40zz&comment=tes&bib_list=3
Where bib_list is a valid basket number
2/ Notice you get a JavaScript alert showing
3/ Apply patch
4/ Notice the text is now escaped

Signed-off-by: Jonathan Druart
Signed-off-by: Kyle M Hall
---
 koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-sendbasketform.tt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-sendbasketform.tt b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-sendbasketform.tt
index ad4ce3318f..20ce18ce24 100644
--- a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-sendbasketform.tt
+++ b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-sendbasketform.tt
@@ -14,7 +14,7 @@ [% IF ( SENT ) %]

Message sent

-

The cart was sent to: [% email_add %]

+

The cart was sent to: [% email_add | html %]

Close window

[% END %] -- 2.39.5
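Review bot: The `| html` filter on `[% email_add | html %]` in the SENT branch is the right template-side fix, but this hunk covers only that one output of `email_add`, while the test URL in the commit message also reflects a `comment` parameter; please confirm that every other place opac-sendbasketform.tt echoes `email_add` or `comment` (for example, the form fields pre-filled on the non-SENT path) already applies `| html`, otherwise the same payload still renders unescaped there. Separately, the test steps show that the string `<script>alert('XSS')</script>zz@zz` is accepted as a recipient address and the "The cart was sent to" confirmation is shown, so output escaping alone leaves a non-address being passed to the mail path; if opac-sendbasket.pl does not already validate the address format, rejecting malformed `email_add` values in the controller would be a worthwhile follow-up alongside this escaping change.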