]> git.koha-community.org Git - koha.git/commit
Bug 19034: XSS Flaws in Patron categories pages
authorAmit Gupta <amit.gupta@informaticsglobal.com>
Fri, 4 Aug 2017 05:04:19 +0000 (10:34 +0530)
committerJonathan Druart <jonathan.druart@bugs.koha-community.org>
Tue, 29 Aug 2017 15:00:37 +0000 (12:00 -0300)
commite0dd5666341940b6310ac0c8c05e0f594b5386eb
tree124c6a6db19ff1137c41910f3c5a4cf2671ae712
parentc57d0b71c7b9bac44cd79c822e3009136bbf25fe
Bug 19034: XSS Flaws in Patron categories pages

1. Hit /cgi-bin/koha/admin/categories.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> search patron categories box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on search patron categories box.
6. Notice it is no longer executed.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
koha-tmpl/intranet-tmpl/prog/en/modules/admin/categories.tt