Koha/koha-tmpl/intranet-tmpl/prog/en/modules/labels
Amit Gupta c57d0b71c7 Bug 19050 - XSS Flaws in Quick spine label creator
1. Hit /cgi-bin/koha/labels/spinelabel-home.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> in the barcode text box.
3. Notice the iframe is executed
4. Apply patch
5. Reload page, and enter iframe again on barcode text box.
6. Notice it is no longer executed

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
label-bib-search.tt Bug 7760 - Add ids and classes to every staff page to help with customization (patroncard, labels) 2012-03-22 18:12:33 +01:00
label-edit-batch.tt Bug 16239: Update templates 2017-01-13 14:41:22 +00:00
label-edit-layout.tt Bug 17083: Remove more event attributes from tools templates 2016-09-25 15:48:13 +00:00
label-edit-profile.tt Bug 15211: adding Tools section sidebar to label creator 2015-12-31 14:58:58 +00:00
label-edit-template.tt Bug 15211: adding Tools section sidebar to label creator 2015-12-31 14:58:58 +00:00
label-home.tt Bug 16241 - Move staff client CSS out of language directory 2016-04-29 13:54:37 +00:00
label-manage.tt Bug 16239: Update templates 2017-01-13 14:41:22 +00:00
label-print.tt Bug 16576 [Revised] Remove the use of "onclick" from label templates 2016-09-09 12:11:21 +00:00
result.tt Bug 16239: Update templates 2017-01-13 14:41:22 +00:00
search.tt Bug 11880: Select what has been selected before 2015-08-28 10:09:02 -03:00
spinelabel-home.tt Bug 7760 - Add ids and classes to every staff page to help with customization (patroncard, labels) 2012-03-22 18:12:33 +01:00
spinelabel-print.tt Bug 19050 - XSS Flaws in Quick spine label creator 2017-08-29 12:00:37 -03:00