Koha/koha-tmpl/intranet-tmpl/prog/en/modules/reports
Amit Gupta 1a7040b7b0 Bug 19054 - XSS Flaws in Report - Top Most-circulated items
1. Hit /cgi-bin/koha/reports/cat_issues_top.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> in Callnumber, Day, Month, Year search box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on Callnumber, Day, Month, Year search box.
6. Notice it is no longer executed.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
csv Bug 18331: POST_CHOMP everywhere! 2017-08-15 12:17:41 -03:00
acquisitions_stats.tt
bor_issues_top.tt
borrowers_out.tt
borrowers_stats.tt
cash_register_stats.tt Bug 18919: Repair "Transaction branch" in cash_register_stats.pl 2017-08-15 12:17:45 -03:00
cat_issues_top.tt Bug 19054 - XSS Flaws in Report - Top Most-circulated items 2017-08-29 12:00:37 -03:00
catalogue_out.tt
catalogue_stats.tt
convert_report.tt Bug 18667: Show a diff view of SQL reports when converting 2017-07-13 16:39:04 -03:00
dictionary.tt
guided_reports_start.tt Bug 18985 - SQL reports 'Last edit' and 'Last run' columns sort alphabetically, not chronologically 2017-08-10 16:25:35 -03:00
issues_avg_stats.tt
issues_by_borrower_category.tt
issues_stats.tt
itemslost.tt
itemtypes.tt
orders_by_budget.tt
reports-home.tt
reserves_stats.tt
serials_stats.tt