]> git.koha-community.org Git - koha.git/commit
Bug 19051 - XSS Flaws in Batch item deletion page
authorAmit Gupta <amit.gupta@informaticsglobal.com>
Mon, 7 Aug 2017 15:54:44 +0000 (21:24 +0530)
committerJonathan Druart <jonathan.druart@bugs.koha-community.org>
Tue, 29 Aug 2017 15:00:37 +0000 (12:00 -0300)
commit9f19d3d44c410be80bf8fd468b86ac7f7d9d4bcd
treeab015449cd2eec862f5bd777da97a14d3e03b8e5
parent92d58c60b0fa20a4c1e67edaf6cd4be50dcdce21
Bug 19051 - XSS Flaws in Batch item deletion page

1. Hit /cgi-bin/koha/tools/batchMod.pl?del=1
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> in the Barcode list (one barcode per line) text area.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on Barcode list (one barcode per line) text area.
6. Notice it is no longer executed.
7. Fixes for both barcode and itemnumber.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
koha-tmpl/intranet-tmpl/prog/en/modules/tools/batchMod-del.tt