1. Hit /cgi-bin/koha/reports/cat_issues_top.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> in Callnumber, Day, Month, Year search box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on Callnumber, Day, Month, Year search box.
6. Notice it is no longer executed.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

17.11.x
Amit Gupta
7 years ago
committed by
Jonathan Druart
1 changed files with 1 additions and 1 deletions