Bug 1444008 - Form action injection in Bugzilla /user_profile (leads to XSS/single-factor credential leakage)

author: Dylan William Hardison <dylan@hardison.net> 2018-03-20 15:06:20 +0100
committer: Dylan William Hardison <dylan@hardison.net> 2018-03-20 15:06:20 +0100
commit: 40023c4a9f7d949f623b3b6fa90c9cbf5dfc2351 (patch)
tree: 8b712354b3cc527db6c498d11a50cdbbc2a42837 /extensions/UserProfile
parent: 4cd99a91ff6a92a5e10449463b12a312060d01ba (diff)
download: bugzilla-40023c4a9f7d949f623b3b6fa90c9cbf5dfc2351.tar.gz
bugzilla-40023c4a9f7d949f623b3b6fa90c9cbf5dfc2351.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/extensions/UserProfile/template/en/default/pages/user_profile.html.tmpl b/extensions/UserProfile/template/en/default/pages/user_profile.html.tmpl
index 27cb825ed..fd72091dc 100644
--- a/extensions/UserProfile/template/en/default/pages/user_profile.html.tmpl
+++ b/extensions/UserProfile/template/en/default/pages/user_profile.html.tmpl
@@ -27,7 +27,7 @@
     <td>&nbsp;</td>
     <th>Search</th>
     <td colspan="2">
-      <form action="user_profile">
+      <form action="[% urlbase %]user_profile">
         [% INCLUDE global/userselect.html.tmpl
           id => "login"
           name => "login"
author	Dylan William Hardison <dylan@hardison.net>	2018-03-20 15:06:20 +0100
committer	Dylan William Hardison <dylan@hardison.net>	2018-03-20 15:06:20 +0100
commit	40023c4a9f7d949f623b3b6fa90c9cbf5dfc2351 (patch)
tree	8b712354b3cc527db6c498d11a50cdbbc2a42837 /extensions/UserProfile
parent	4cd99a91ff6a92a5e10449463b12a312060d01ba (diff)
download	bugzilla-40023c4a9f7d949f623b3b6fa90c9cbf5dfc2351.tar.gz bugzilla-40023c4a9f7d949f623b3b6fa90c9cbf5dfc2351.tar.xz