Koha/koha-tmpl/intranet-tmpl/prog/en/modules/admin
Amit Gupta 8c3da35130 Bug 19033: XSS Flaws in Currencies and exchange page
1. Hit /cgi-bin/koha/admin/currency.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> in the search currencies box.
3. Notice the iframe is executed
4. Apply patch
5. Reload page, and enter iframe again on search currencies box.
6. Notice it is no longer executed

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Fixes the issue, follows common practice on the codebase.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
preferences Bug 16892: Add automatic patron registration via OAuth2 login 2017-08-25 10:51:25 -03:00
searchengine/elasticsearch
admin-home.tt Bug 18700 Fix grammar (data cannot be pluralized) 2017-06-05 11:46:58 -03:00
aqbudgetperiods.tt
aqbudgets.tt
aqcontract.tt
aqplan.tt
audio_alerts.tt
auth_subfields_structure.tt
auth_tag_structure.tt
authorised_values.tt
authtypes.tt
biblio_framework.tt
branch_transfer_limits.tt Bug 18965 - branch transfer limits pagination save bug 2017-07-24 13:38:14 -03:00
branches.tt
categories.tt Bug 19034: XSS Flaws in Patron categories pages 2017-08-29 12:00:37 -03:00
checkmarc.tt
cities.tt Bug 19034: XSS Flaws in Cities 2017-08-29 12:00:37 -03:00
classsources.tt
clone-rules.tt
columns_settings.tt
currency.tt Bug 19033: XSS Flaws in Currencies and exchange page 2017-08-29 12:00:37 -03:00
didyoumean.tt
edi_accounts.tt Bug 18699: Get rid of %%] in translation for edi_accounts.tt 2017-06-16 17:04:08 -03:00
edi_ean_accounts.tt
fieldmapping.tt
item_circulation_alerts.tt
items_search_field.tt
items_search_fields.tt
itemtypes.tt Bug 17944 - Add Koha::ItemType->can_be_deleted and use it from admin/itemtypes.pl 2017-06-05 11:59:10 -03:00
koha2marclinks.tt
localization.tt
marc_subfields_structure.tt
marctagstructure.tt
matching-rules.tt Bug 18824: Remove stray i from matching-rules.tt 2017-07-06 14:29:04 -03:00
oai_set_mappings.tt
oai_sets.tt
patron-attr-types.tt
preferences.tt Bug 19078 - XSS Flaws in System preferences 2017-08-29 12:00:37 -03:00
printers.tt
smart-rules.tt Bug 19027 - Circulation rules: Better wording for standard rules for all libraries 2017-08-10 16:25:35 -03:00
sms_providers.tt
sru_modmapping.tt
systempreferences.tt
transport-cost-matrix.tt
usage_statistics.tt
z3950servers.tt Bug 19034: XSS Flaws in Z39.50/SRU servers administration 2017-08-29 12:00:37 -03:00