Bug 1444008 - Form action injection in Bugzilla /user_profile (leads to XSS/single-factor credential leakage)

author: Dylan William Hardison <dylan@hardison.net> 2018-03-20 15:06:20 +0100
committer: Dylan William Hardison <dylan@hardison.net> 2018-03-20 15:06:20 +0100
commit: 40023c4a9f7d949f623b3b6fa90c9cbf5dfc2351 (patch)
tree: 8b712354b3cc527db6c498d11a50cdbbc2a42837 /template/en/default
parent: 4cd99a91ff6a92a5e10449463b12a312060d01ba (diff)
download: bugzilla-40023c4a9f7d949f623b3b6fa90c9cbf5dfc2351.tar.gz
bugzilla-40023c4a9f7d949f623b3b6fa90c9cbf5dfc2351.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/template/en/default/account/auth/login.html.tmpl b/template/en/default/account/auth/login.html.tmpl
index 160fad43b..c11a6afc1 100644
--- a/template/en/default/account/auth/login.html.tmpl
+++ b/template/en/default/account/auth/login.html.tmpl
@@ -42,7 +42,7 @@
 </p>
 
 <div id="login" class="login-form">
-  <form name="login" action="[% target FILTER html %]" method="POST"
+  <form name="login" action="[% urlbase %][% target FILTER uri FILTER html %]" method="POST"
         [%- IF Bugzilla.cgi.param("data") %] enctype="multipart/form-data"[% END %]>
     <div class="field-login">
       <label for="Bugzilla_login">Email Address:</label>
author	Dylan William Hardison <dylan@hardison.net>	2018-03-20 15:06:20 +0100
committer	Dylan William Hardison <dylan@hardison.net>	2018-03-20 15:06:20 +0100
commit	40023c4a9f7d949f623b3b6fa90c9cbf5dfc2351 (patch)
tree	8b712354b3cc527db6c498d11a50cdbbc2a42837 /template/en/default
parent	4cd99a91ff6a92a5e10449463b12a312060d01ba (diff)
download	bugzilla-40023c4a9f7d949f623b3b6fa90c9cbf5dfc2351.tar.gz bugzilla-40023c4a9f7d949f623b3b6fa90c9cbf5dfc2351.tar.xz