Koha/koha-tmpl/intranet-tmpl/prog/en/modules
Amit Gupta 3f7fc907ba Bug 19034: XSS Flaws in Cities
1. Hit /cgi-bin/koha/admin/cities.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> in the search cities box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload the page, and enter the iframe again in the search cities box.
6. Notice it is no longer executed.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
acqui Bug 19052 - XSS Flaws in - Invoice search page 2017-08-29 12:00:37 -03:00
admin Bug 19034: XSS Flaws in Cities 2017-08-29 12:00:37 -03:00
authorities Bug 18801 - Merging authorities has an invalid 'Default' type in the merge framework selector 2017-07-06 14:29:03 -03:00
basket Bug 12644 - Add subtitles to staff client cart 2017-08-15 12:17:45 -03:00
batch
catalogue Bug 18331: Fix CSV export (once and for all!) 2017-08-15 12:17:40 -03:00
cataloguing Bug 18277: Remove GetBiblionumberFromItemnumber - linkitem 2017-07-10 13:03:37 -03:00
circ Bug 18469: QA Follow-up 2017-08-15 12:17:43 -03:00
clubs Bug 18630: Translatability (Clubs): 'Cancel' is ambiguous and leads to mistakes 2017-06-15 15:56:00 -03:00
common Bug 13835: Popup with searches: results hidden by language menu in footer 2017-04-28 08:35:30 -04:00
course_reserves Bug 18367 - Fix untranslatable string from Bug 18264 2017-07-13 16:42:03 -03:00
errors Bug 16270: Typo authentification/authentication 2016-04-29 14:44:26 +00:00
help Bug 18817: Update links manually 2017-08-25 10:22:14 -03:00
installer Bug 17942 [Follow-up] Update style of the web installer with Bootstrap 3 2017-05-09 20:54:31 +00:00
labels Bug 19050 - XSS Flaws in Quick spine label creator 2017-08-29 12:00:37 -03:00
members Bug 19080: Handle non-existing patrons gratefully 2017-08-25 11:03:37 -03:00
offline_circ Bug 17056 - Remove event attributes from various templates 2016-09-25 15:47:47 +00:00
onboarding Bug 18702: Translatability: Get rid of exposed if statement in tt for translated onboardingstep2.tt 2017-06-05 16:35:23 -03:00
patron_lists Bug 16239: Update templates 2017-01-13 14:41:22 +00:00
patroncards Bug 18465: (followup) Fix issue with patron lists an do not use clone 2017-07-06 14:52:54 -03:00
plugins Bug 18430 - Plugins page should have a link to viewing other types 2017-06-05 11:59:26 -03:00
reports Bug 19054 - XSS Flaws in Report - Top Most-circulated items 2017-08-29 12:00:37 -03:00
reserve Bug 18534 - When IndependentBranches is enabled the pickup location displayed incorrectly on request.pl 2017-05-19 10:33:19 -04:00
reviews Bug 16239: Update templates 2017-01-13 14:41:22 +00:00
rotating_collections Bug 16239: Update templates 2017-01-13 14:41:22 +00:00
serials Bug 13747: Fix problems with frequency descriptions containing quotes 2017-06-05 16:34:26 -03:00
services
sms
suggestion Bug 18581 - Add standard edit and delete buttons to suggestions list 2017-08-25 10:59:04 -03:00
tags Bug 5471 - Quotes in tags fail 2017-08-10 13:20:31 -03:00
test
tools Bug 19051 - XSS Flaws in - Batch item modification page 2017-08-29 12:00:37 -03:00
virtualshelves Bug 18980: Show distinction between shared and private lists in staff 2017-08-10 13:20:31 -03:00
about.tt Bug 19000: Fix typo in closing p tag for items 2017-07-28 11:14:26 -03:00
auth.tt Bug 18314 (QA Followup) Use OpacBaseURL for password reset link 2017-05-12 10:59:10 -04:00
intranet-main.tt Bug 19041: (bug 17855 follow-up) Fix regression on bug 16058 2017-08-08 09:20:35 -03:00