There are multiple previously unreported XSS vulnerabilities on regular Search pages.
Diff:
--- old
+++ new
@@ -1,35 +1 @@
-Yet unreported issue when passing HTML tags in search field.
-
-~~~
-Index: biblio/se.py
-===================================================================
---- biblio/se.py (Revision 551)
-+++ biblio/se.py (Arbeitskopie)
-@@ -41,7 +41,7 @@
- return (0, error)
-
- def PrintSummary(arg, count, limit, search_type, search_abbreviation):
-- print "<p><b>A search for '%s' found %d matches" % (arg, count)
-+ print "<p><b>A search for '%s' found %d matches" % (cgi.escape(arg), count)
- if count >= limit:
- print "<br>The first %d matches are displayed below. " % (limit)
- print 'Use <a class="inverted" href="http:/%s/adv_search_selection.cgi?%s">Advanced %s Search</a>' % (HTFAKE, search_abbreviation, search_type)
-@@ -57,7 +57,7 @@
- print '<option VALUE="exact">exact %s search' % search_type
- print '<option SELECTED VALUE="approximate">approximate %s search' % search_type
- print '</select>'
-- print ' on <input NAME="SEARCH_VALUE" SIZE="50" VALUE="%s">' % arg
-+ print ' on <input NAME="SEARCH_VALUE" SIZE="50" VALUE="%s">' % cgi.escape(arg)
- print '<input NAME="PAGE_TYPE" VALUE="%s" TYPE="HIDDEN">' % search_type
- print '<input TYPE="SUBMIT" VALUE="using Google">'
- print '</form>'
-@@ -454,6 +454,5 @@
- else:
- DoError('No search value specified', search_value, type)
-
-- print '<p>'
- PrintTrailer('search', 0, 0)
-
-~~~
-
-NOTE: The removed print fixes an HTML issue and is not directly related to the CSS issue.
+There are multiple previously unreported XSS vulnerabilities on regular Search pages.
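Review bot: In the quoted se.py patch, `cgi.escape(arg)` does not close the attribute-injection case: the @@ -57 hunk interpolates the search string into a double-quoted attribute (`VALUE="%s"`), and `cgi.escape` leaves `"` untouched unless its `quote` flag is set, so a search value containing `"` can still terminate the attribute and add an event handler; that line should read `print ' on <input NAME="SEARCH_VALUE" SIZE="50" VALUE="%s">' % cgi.escape(arg, True)` (the @@ -41 hunk emits `arg` as element text, where the default is sufficient, but using `cgi.escape(arg, True)` in both places is harmless and simpler to audit). Whether the version installed in SVN 574 sets the quote flag cannot be determined from this page, and the body of `PrintSummary` continues outside the quoted excerpt. `HTFAKE` and `search_abbreviation` are also interpolated unescaped into the `href`; if either can be influenced by the request they need the same treatment, but their origin is not visible here. Note that `cgi.escape` exists only on Python 2 (the code uses `print` statements); a later port should use `html.escape`, which quotes by default.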
Anonymous
Fixed in:
biblio/se.py common/navbar.py
Installed in SVN 574 on 2020-11-20. Closing the Bug.
Diff:
Fixed in:
Installed in SVN 574 on 2020-11-20. Closing the Bug.