Bug 19052 - XSS Flaws in - Invoice search page
1. Hit /cgi-bin/koha/acqui/invoices.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> Invoiceno,
ISBN/EAN/ISSN, Title, Author, Publihser, Publication year search box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on Invoiceno,
ISBN/EAN/ISSN, Title, Author, Publihser, Publication year search box.
6. Notice it is no longer executed.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This commit is contained in:
Amit Gupta
parent
3199cff639
commit
0cf9eb0cfb
1 changed files with 12 additions and 12 deletions
|
|
@ -210,7 +210,7 @@ $(document).ready(function() {
|
||||||
<p>Search was:
|
<p>Search was:
|
||||||
<ul>
|
<ul>
|
||||||
[% IF ( invoicenumber ) %]
|
[% IF ( invoicenumber ) %]
|
||||||
<li>Invoice no.: [% invoicenumber %]</li>
|
<li>Invoice no.: [% invoicenumber |html %]</li>
|
||||||
[% END %]
|
[% END %]
|
||||||
[% IF booksellerid %]
|
[% IF booksellerid %]
|
||||||
<li>Vendor: [% suppliername %]</li>
|
<li>Vendor: [% suppliername %]</li>
|
||||||
|
|
@ -248,19 +248,19 @@ $(document).ready(function() {
|
||||||
[% END %]
|
[% END %]
|
||||||
[% END %]
|
[% END %]
|
||||||
[% IF ( isbneanissn ) %]
|
[% IF ( isbneanissn ) %]
|
||||||
<li>ISBN/EAN/ISSN: [% isbneanissn %]</li>
|
<li>ISBN/EAN/ISSN: [% isbneanissn |html %]</li>
|
||||||
[% END %]
|
[% END %]
|
||||||
[% IF ( title ) %]
|
[% IF ( title ) %]
|
||||||
<li>Title: [% title %]</li>
|
<li>Title: [% title |html %]</li>
|
||||||
[% END %]
|
[% END %]
|
||||||
[% IF ( author ) %]
|
[% IF ( author ) %]
|
||||||
<li>Author: [% author %]</li>
|
<li>Author: [% author |html %]</li>
|
||||||
[% END %]
|
[% END %]
|
||||||
[% IF ( publisher ) %]
|
[% IF ( publisher ) %]
|
||||||
<li>Publisher: [% publisher %]</li>
|
<li>Publisher: [% publisher |html %]</li>
|
||||||
[% END %]
|
[% END %]
|
||||||
[% IF ( publicationyear ) %]
|
[% IF ( publicationyear ) %]
|
||||||
<li>Publication year: [% publicationyear %]</li>
|
<li>Publication year: [% publicationyear |html %]</li>
|
||||||
[% END %]
|
[% END %]
|
||||||
[% IF ( branch ) %]
|
[% IF ( branch ) %]
|
||||||
<li>Library: [% Branches.GetName( branch ) %]</li>
|
<li>Library: [% Branches.GetName( branch ) %]</li>
|
||||||
|
|
@ -280,7 +280,7 @@ $(document).ready(function() {
|
||||||
<ol>
|
<ol>
|
||||||
<li>
|
<li>
|
||||||
<label for="invoicenumber">Invoice no:</label>
|
<label for="invoicenumber">Invoice no:</label>
|
||||||
<input type="text" id="invoicenumber" name="invoicenumber" value="[% invoicenumber %]" class="focus" />
|
<input type="text" id="invoicenumber" name="invoicenumber" value="[% invoicenumber |html %]" class="focus" />
|
||||||
</li>
|
</li>
|
||||||
<li>
|
<li>
|
||||||
<label for="supplier">Vendor:</label>
|
<label for="supplier">Vendor:</label>
|
||||||
|
|
@ -327,23 +327,23 @@ $(document).ready(function() {
|
||||||
</li>
|
</li>
|
||||||
<li>
|
<li>
|
||||||
<label for="isbneanissn">ISBN / EAN / ISSN:</label>
|
<label for="isbneanissn">ISBN / EAN / ISSN:</label>
|
||||||
<input type="text" id="isbneanissn" name="isbneanissn" value="[% isbneanissn %]" />
|
<input type="text" id="isbneanissn" name="isbneanissn" value="[% isbneanissn |html %]" />
|
||||||
</li>
|
</li>
|
||||||
<li>
|
<li>
|
||||||
<label for="title">Title:</label>
|
<label for="title">Title:</label>
|
||||||
<input type="text" id="title" name="title" value="[% title %]" />
|
<input type="text" id="title" name="title" value="[% title |html %]" />
|
||||||
</li>
|
</li>
|
||||||
<li>
|
<li>
|
||||||
<label for="author">Author:</label>
|
<label for="author">Author:</label>
|
||||||
<input type="text" id="author" name="author" value="[% author %]" />
|
<input type="text" id="author" name="author" value="[% author |html %]" />
|
||||||
</li>
|
</li>
|
||||||
<li>
|
<li>
|
||||||
<label for="publisher">Publisher:</label>
|
<label for="publisher">Publisher:</label>
|
||||||
<input type="text" id="publisher" name="publisher" value="[% publisher %]" />
|
<input type="text" id="publisher" name="publisher" value="[% publisher |html %]" />
|
||||||
</li>
|
</li>
|
||||||
<li>
|
<li>
|
||||||
<label for="publicationyear">Publication year:</label>
|
<label for="publicationyear">Publication year:</label>
|
||||||
<input type="text" id="publicationyear" name="publicationyear" value="[% publicationyear %]" />
|
<input type="text" id="publicationyear" name="publicationyear" value="[% publicationyear |html %]" />
|
||||||
</li>
|
</li>
|
||||||
<li>
|
<li>
|
||||||
<label for="branch">Library:</label>
|
<label for="branch">Library:</label>
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue