git.koha-community.org Git - koha.git/commit
Bug 19050 - XSS Flaws in Quick spine label creator
author Amit Gupta <amit.gupta@informaticsglobal.com>
Mon, 7 Aug 2017 15:19:56 +0000 (20:49 +0530)
committer Mason James <mtj@kohaaloha.com>
Thu, 24 Aug 2017 05:56:53 +0000 (17:56 +1200)
commit 1da4f24517cf9317b1578665eaca76fb3150bf30
tree 7d770acd1a67752f9442e31d819d6deef1078c9d
parent f0aafa91bd74d23d4466725740d64905b2f4ce05
Bug 19050 - XSS Flaws in Quick spine label creator

1. Hit /cgi-bin/koha/labels/spinelabel-home.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> in the barcode text box.
3. Notice the iframe is executed
4. Apply patch
5. Reload page, and enter the iframe again in the barcode text box.
6. Notice it is no longer executed

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Mason James <mtj@kohaaloha.com>
koha-tmpl/intranet-tmpl/prog/en/modules/labels/spinelabel-print.tt
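
The test plan above can be turned into an automated regression check. The following is an added example, not Koha's code and not the change made by this commit (the diff is not shown on this page): it assumes the template prints the submitted barcode value directly, uses two constructed Template Toolkit fragments in place of the real markup, and applies Template Toolkit's standard `html` filter as one way to render the value as text.

```perl
use strict;
use warnings;
use Template;
use Test::More tests => 3;

# Input from step 2 of the test plan.
my $input = q{<IFRAME SRC="javascript:alert('XSS');"></IFRAME>};

# Constructed fragments (hypothetical; the real template markup is not on the page).
my %fragment = (
    unfiltered => '<span class="barcode">[% barcode %]</span>',
    filtered   => '<span class="barcode">[% barcode | html %]</span>',
);

my $tt = Template->new() or die Template->error();

# Render one fragment with the barcode value and return the resulting HTML.
sub render {
    my ($name) = @_;
    my $out = '';
    $tt->process( \$fragment{$name}, { barcode => $input }, \$out )
        or die $tt->error();
    return $out;
}

# True when an iframe start tag survives as markup in the output.
sub has_live_iframe {
    my ($html) = @_;
    return $html =~ /<\s*iframe\b/i ? 1 : 0;
}

ok(  has_live_iframe( render('unfiltered') ), 'unfiltered output carries the tag as markup' );
ok( !has_live_iframe( render('filtered') ),   'html filter leaves no iframe tag' );
like( render('filtered'), qr/&lt;IFRAME SRC=&quot;/, 'value is shown as escaped text' );
```

Run it with `prove` or `perl`; it needs the Template Toolkit module installed, and Test::More ships with Perl.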