Bug 19052 - XSS Flaws in - Invoice search page

1. Hit /cgi-bin/koha/acqui/invoices.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> in the Invoiceno,
   ISBN/EAN/ISSN, Title, Author, Publisher, Publication year search boxes.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter the iframe again in the Invoiceno,
   ISBN/EAN/ISSN, Title, Author, Publisher, Publication year search boxes.
6. Notice it is no longer executed.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Amit Gupta 2017-08-07 22:17:14 +05:30 committed by Jonathan Druart
parent 3199cff639
commit 0cf9eb0cfb


@ -210,7 +210,7 @@ $(document).ready(function() {
<p>Search was:
<ul>
[% IF ( invoicenumber ) %]
<li>Invoice no.: [% invoicenumber %]</li>
<li>Invoice no.: [% invoicenumber |html %]</li>
[% END %]
[% IF booksellerid %]
<li>Vendor: [% suppliername %]</li>
@ -248,19 +248,19 @@ $(document).ready(function() {
[% END %]
[% END %]
[% IF ( isbneanissn ) %]
<li>ISBN/EAN/ISSN: [% isbneanissn %]</li>
<li>ISBN/EAN/ISSN: [% isbneanissn |html %]</li>
[% END %]
[% IF ( title ) %]
<li>Title: [% title %]</li>
<li>Title: [% title |html %]</li>
[% END %]
[% IF ( author ) %]
<li>Author: [% author %]</li>
<li>Author: [% author |html %]</li>
[% END %]
[% IF ( publisher ) %]
<li>Publisher: [% publisher %]</li>
<li>Publisher: [% publisher |html %]</li>
[% END %]
[% IF ( publicationyear ) %]
<li>Publication year: [% publicationyear %]</li>
<li>Publication year: [% publicationyear |html %]</li>
[% END %]
[% IF ( branch ) %]
<li>Library: [% Branches.GetName( branch ) %]</li>
@ -280,7 +280,7 @@ $(document).ready(function() {
<ol>
<li>
<label for="invoicenumber">Invoice no:</label>
<input type="text" id="invoicenumber" name="invoicenumber" value="[% invoicenumber %]" class="focus" />
<input type="text" id="invoicenumber" name="invoicenumber" value="[% invoicenumber |html %]" class="focus" />
</li>
<li>
<label for="supplier">Vendor:</label>
@ -327,23 +327,23 @@ $(document).ready(function() {
</li>
<li>
<label for="isbneanissn">ISBN / EAN / ISSN:</label>
<input type="text" id="isbneanissn" name="isbneanissn" value="[% isbneanissn %]" />
<input type="text" id="isbneanissn" name="isbneanissn" value="[% isbneanissn |html %]" />
</li>
<li>
<label for="title">Title:</label>
<input type="text" id="title" name="title" value="[% title %]" />
<input type="text" id="title" name="title" value="[% title |html %]" />
</li>
<li>
<label for="author">Author:</label>
<input type="text" id="author" name="author" value="[% author %]" />
<input type="text" id="author" name="author" value="[% author |html %]" />
</li>
<li>
<label for="publisher">Publisher:</label>
<input type="text" id="publisher" name="publisher" value="[% publisher %]" />
<input type="text" id="publisher" name="publisher" value="[% publisher |html %]" />
</li>
<li>
<label for="publicationyear">Publication year:</label>
<input type="text" id="publicationyear" name="publicationyear" value="[% publicationyear %]" />
<input type="text" id="publicationyear" name="publicationyear" value="[% publicationyear |html %]" />
</li>
<li>
<label for="branch">Library:</label>
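Review bot: The `Vendor:` line in the first hunk, `<li>Vendor: [% suppliername %]</li>`, still interpolates its value unescaped, directly below the `invoicenumber` line this commit fixes, and the `Library:` line in the third hunk does the same with `Branches.GetName( branch )`. Where `suppliername` comes from is not visible here (presumably the vendor record resolved from `booksellerid`, i.e. stored rather than reflected input), but a vendor name containing markup would be rendered into this page exactly as the search terms were. For consistency with the rest of the patch I would change it to `<li>Vendor: [% suppliername |html %]</li>` and apply the same filter to the `Library:` output. Note also that Template Toolkit's `html` filter escapes only `<`, `>`, `&` and `"`, so the `value="…"` attributes in the later hunks are safe because they are double-quoted; the filter would not be sufficient for a single-quoted attribute or a JavaScript context.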