Koha/koha-tmpl/intranet-tmpl/prog/en
Amit Gupta 9f19d3d44c Bug 19051 - XSS Flaws in Batch item deletion page
1. Hit /cgi-bin/koha/tools/batchMod.pl?del=1
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> in the Barcode list (one barcode per line) text area.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on Barcode list (one barcode per line) text area.
6. Notice it is no longer executed.
7. Fixes for both barcode and itemnumber.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
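The reproduction steps above describe the barcode list being reflected into the page without escaping, so the browser parses the submitted iframe as markup. The following is an added example, not Koha's own template or the content of this patch: two hypothetical Template Toolkit snippets stand in for the batchMod template, one echoing the barcode raw and one passing it through Template Toolkit's `html` filter, and a crude check flags output in which the payload survives as markup. The `barcodes` variable, the list-item wrapper and the sample input are assumptions made for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Template;

# Constructed sample input: the payload from the bug's test plan, as if it
# were one line of the "Barcode list (one barcode per line)" textarea.
my @barcodes = ( '12345', q{<IFRAME SRC="javascript:alert('XSS');"></IFRAME>} );

# Hypothetical minimal templates standing in for the batchMod template;
# they are not Koha's real template source.
my $vulnerable = <<'TT';
[% FOREACH barcode IN barcodes %]
<li>Barcode [% barcode %] not found</li>
[% END %]
TT

# Same template, with the value escaped by Template Toolkit's html filter
# (replaces &, <, >, and " with entities) before it reaches the page.
my $hardened = <<'TT';
[% FOREACH barcode IN barcodes %]
<li>Barcode [% barcode | html %] not found</li>
[% END %]
TT

my $tt = Template->new() or die Template->error;

# Render a template string with the constructed barcode list.
sub render {
    my ($template) = @_;
    my $out = '';
    $tt->process( \$template, { barcodes => \@barcodes }, \$out )
        or die $tt->error;
    return $out;
}

# Crude check: an unescaped opening tag from the input means the browser
# will parse the payload as markup instead of text.
sub reflects_raw_markup {
    my ($html) = @_;
    return $html =~ /<IFRAME/i ? 1 : 0;
}

for my $case ( [ vulnerable => $vulnerable ], [ hardened => $hardened ] ) {
    my ( $name, $template ) = @$case;
    my $html = render($template);
    printf "%s: raw markup reflected = %d\n%s\n",
        $name, reflects_raw_markup($html), $html;
}
```

Run with `perl` and the Template module installed; the vulnerable rendering prints the iframe tag verbatim, the hardened one prints `&lt;IFRAME ...&gt;`. The `html` filter is the right tool for values placed in element text or inside double-quoted attributes; a value inserted into an unquoted attribute, a URL, or inline JavaScript needs escaping appropriate to that context, so the same check should be repeated for every place the barcode and itemnumber lists are echoed.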
data Bug 17288: (follow-up) Fix marc21_field_007.xml 2017-08-25 10:59:03 -03:00
includes Bug 18447 - Datepicker only shows -10/+10 years 2017-08-25 11:38:46 -03:00
js Bug 16795 - Patron categories: Accept integers only for enrolment period and age limits 2016-07-08 13:15:31 +00:00
modules Bug 19051 - XSS Flaws in Batch item deletion page 2017-08-29 12:00:37 -03:00
xslt Bug 15140 (QA Followup) lowercase the search index 2017-07-26 14:42:45 -03:00
columns.def Bug 17196: Remove occurrence of marcxml in columns.def 2017-01-13 13:49:30 +00:00