Koha/koha-tmpl/intranet-tmpl/prog at 92d58c60b0fa20a4c1e67edaf6cd4be50dcdce21 - Koha-community/Koha - Koha: The world's first free and open source library system

History

Amit Gupta 92d58c60b0 Bug 19051 - XSS Flaws in - Batch record deletion page 1. Hit /cgi-bin/koha/tools/batch_delete_records.pl 2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> in the Record number list (one per line) text area. 3. Notice the iframe is executed. 4. Apply patch. 5. Reload page, and enter iframe again on Record number list (one per line) text area. 6. Notice it is no longer executed. 7. Fixes for both biblio and authority records. Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>		2017-08-29 12:00:37 -03:00
..
css
en	Bug 19051 - XSS Flaws in - Batch record deletion page	2017-08-29 12:00:37 -03:00
img
js	Bug 18447 - Remove redundant line	2017-08-25 11:38:46 -03:00
pdf
sound