Koha/koha-tmpl/intranet-tmpl/prog/en/modules/admin
Amit Gupta 3f7fc907ba Bug 19034: XSS Flaws in Cities
1. Hit /cgi-bin/koha/admin/cities.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> in the search cities box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload the page, and enter the iframe again in the search cities box.
6. Notice it is no longer executed.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
preferences Bug 16892: Add automatic patron registration via OAuth2 login 2017-08-25 10:51:25 -03:00
searchengine/elasticsearch Bug 17793: Follow up for identified missing changes 2017-02-17 15:34:11 +00:00
admin-home.tt Bug 18700 Fix grammar (data cannot be pluralized) 2017-06-05 11:46:58 -03:00
aqbudgetperiods.tt Bug 5784 - Undo link in breadcrumbs 2017-02-17 12:10:15 +00:00
aqbudgets.tt Bug 16239: Update templates 2017-01-13 14:41:22 +00:00
aqcontract.tt Bug 16239: Update templates 2017-01-13 14:41:22 +00:00
aqplan.tt Bug 16242 - Move staff client JavaScript out of language directory 2016-04-29 14:32:42 +00:00
audio_alerts.tt Bug 18122 - Audio alerts: Add hint on where to enable sounds 2017-03-03 18:15:53 +00:00
auth_subfields_structure.tt Bug 17793: Follow up for identified missing changes 2017-02-17 15:34:11 +00:00
auth_tag_structure.tt Bug 17793: Make sysprefs search show on all Admin pages 2017-02-17 15:34:11 +00:00
authorised_values.tt Bug 17793: Make sysprefs search show on all Admin pages 2017-02-17 15:34:11 +00:00
authtypes.tt Bug 17793: Make sysprefs search show on all Admin pages 2017-02-17 15:34:11 +00:00
biblio_framework.tt Bug 18111: Swap framework_name and frameworkcode 2017-02-21 19:53:18 +00:00
branch_transfer_limits.tt Bug 18965 - branch transfer limits pagination save bug 2017-07-24 13:38:14 -03:00
branches.tt Bug 13968: Follow up - Clean HTML tags for hints 2017-03-03 17:08:53 +00:00
categories.tt Bug 19034: XSS Flaws in Patron categories pages 2017-08-29 12:00:37 -03:00
checkmarc.tt Bug 17793: Make sysprefs search show on all Admin pages 2017-02-17 15:34:11 +00:00
cities.tt Bug 19034: XSS Flaws in Cities 2017-08-29 12:00:37 -03:00
classsources.tt Bug 17793: Make sysprefs search show on all Admin pages 2017-02-17 15:34:11 +00:00
clone-rules.tt Bug 17793: Follow up for identified missing changes 2017-02-17 15:34:11 +00:00
columns_settings.tt Bug 17793: Make sysprefs search show on all Admin pages 2017-02-17 15:34:11 +00:00
currency.tt Bug 18684 - Get rid of %%] in translation for currency.tt 2017-06-21 11:23:47 -03:00
didyoumean.tt Bug 17793: Make sysprefs search show on all Admin pages 2017-02-17 15:34:11 +00:00
edi_accounts.tt Bug 18699: Get rid of %%] in translation for edi_accounts.tt 2017-06-16 17:04:08 -03:00
edi_ean_accounts.tt Bug 17793: Make sysprefs search show on all Admin pages 2017-02-17 15:34:11 +00:00
fieldmapping.tt Bug 18269: Move field mappings related code to Koha::FieldMapping[s] 2017-03-31 10:20:00 +00:00
item_circulation_alerts.tt Bug 17793: Make sysprefs search show on all Admin pages 2017-02-17 15:34:11 +00:00
items_search_field.tt Bug 17793: Make sysprefs search show on all Admin pages 2017-02-17 15:34:11 +00:00
items_search_fields.tt Bug 17793: Make sysprefs search show on all Admin pages 2017-02-17 15:34:11 +00:00
itemtypes.tt Bug 17944 - Add Koha::ItemType->can_be_deleted and use it from admin/itemtypes.pl 2017-06-05 11:59:10 -03:00
koha2marclinks.tt Bug 17793: Make sysprefs search show on all Admin pages 2017-02-17 15:34:11 +00:00
localization.tt Bug 16241 - Move staff client CSS out of language directory 2016-04-29 13:54:37 +00:00
marc_subfields_structure.tt Bug 17793: Follow up for identified missing changes 2017-02-17 15:34:11 +00:00
marctagstructure.tt Bug 17793: Make sysprefs search show on all Admin pages 2017-02-17 15:34:11 +00:00
matching-rules.tt Bug 18824: Remove stray i from matching-rules.tt 2017-07-06 14:29:04 -03:00
oai_set_mappings.tt Bug 17793: Make sysprefs search show on all Admin pages 2017-02-17 15:34:11 +00:00
oai_sets.tt Bug 17793: Make sysprefs search show on all Admin pages 2017-02-17 15:34:11 +00:00
patron-attr-types.tt Bug 13757: Add the option to set patron attributes editable in the OPAC 2017-03-24 18:44:51 +00:00
preferences.tt Bug 19078 - XSS Flaws in System preferences 2017-08-29 12:00:37 -03:00
printers.tt Bug 16239: Update templates 2017-01-13 14:41:22 +00:00
smart-rules.tt Bug 19027 - Circulation rules: Better wording for standard rules for all libraries 2017-08-10 16:25:35 -03:00
sms_providers.tt Bug 17793: Make sysprefs search show on all Admin pages 2017-02-17 15:34:11 +00:00
sru_modmapping.tt Bug 16308 - Remove the use of "onclick" from Z39.50/SRU servers template 2016-04-29 15:46:49 +00:00
systempreferences.tt Bug 16239: Update templates 2017-01-13 14:41:22 +00:00
transport-cost-matrix.tt Bug 17793: Make sysprefs search show on all Admin pages 2017-02-17 15:34:11 +00:00
usage_statistics.tt Bug 18066: Fix map positioning in admin/usage_statistics.pl 2017-03-23 00:10:47 +00:00
z3950servers.tt Bug 16239: Update templates 2017-01-13 14:41:22 +00:00