From 8a14d5233879a9f0cc296aaf94a94a98eb345caa Mon Sep 17 00:00:00 2001 From: Amit Gupta Date: Fri, 4 Aug 2017 10:38:12 +0530 Subject: [PATCH] Bug 19034: XSS Flaws in Cities 1. Hit /cgi-bin/koha/admin/cities.pl 2. Enter search cities box. 3. Notice the iframe is executed. 4. Apply patch. 5. Reload page, and enter iframe again on search cities box. 6. Notice it is no longer executed. Signed-off-by: Tomas Cohen Arazi Signed-off-by: Mason James --- koha-tmpl/intranet-tmpl/prog/en/modules/admin/cities.tt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/cities.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/cities.tt index 25a6564519..ab1ae72d2f 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/cities.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/cities.tt @@ -143,7 +143,7 @@

Cities

[% IF searchfield %] - Searching: [% searchfield %] + Searching: [% searchfield |html %] [% END %] [% IF cities.count %] -- 2.39.5
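
Review bot: The `|html` filter is added only to the `Searching: [% searchfield |html %]` line, and the diffstat shows this is the single changed line in cities.tt. Before sign-off, confirm that the template does not emit `searchfield` unfiltered anywhere else, for example in the search form's input value. For the element-text context shown here, `html` is the appropriate Template Toolkit filter. As a style point, `[% searchfield | html %]` with a space on both sides of the pipe reads more clearly. The test plan is manual, and step 2 does not say what was entered in the search box; recording the tested input, or adding an automated check that the rendered page contains the escaped form, would make the verification repeatable.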