git.koha-community.org Git - koha.git/commit
Bug 19051 - XSS Flaws in Batch item deletion page
author Amit Gupta <amit.gupta@informaticsglobal.com>
Mon, 7 Aug 2017 15:54:44 +0000 (21:24 +0530)
committer Mason James <mtj@kohaaloha.com>
Thu, 24 Aug 2017 05:56:08 +0000 (17:56 +1200)
commit db9051cb795be237ea14cdea3bf508a4a22f118d
tree 34aaa91f97cffcd92c06f218ed460a30405f75e3
parent c8f66aa7d350a154e658119afd0abc29ff377bc3
Bug 19051 - XSS Flaws in Batch item deletion page

1. Hit /cgi-bin/koha/tools/batchMod.pl?del=1
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> in the Barcode list (one barcode per line) text area.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload the page and enter the iframe again in the Barcode list (one barcode per line) text area.
6. Notice it is no longer executed.
7. Fixes for both barcode and itemnumber.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Mason James <mtj@kohaaloha.com>
koha-tmpl/intranet-tmpl/prog/en/modules/tools/batchMod-del.tt
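
The test plan above, reproduced at template level as an added example (not the code from this commit): a Template Toolkit fragment that echoes submitted barcodes, once without output filtering and once with TT's built-in `html` filter. The variable name `barcodes_not_found`, the list markup, and the assumption that the page echoes submitted barcodes back are hypothetical; the payload is the one from step 2.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Template;    # Template Toolkit, the engine that renders .tt files

# Constructed sample submission: one ordinary barcode plus the test-plan payload.
my @submitted = (
    '39999000001310',
    q{<IFRAME SRC="javascript:alert('XSS');"></IFRAME>},
);

# Hypothetical fragment that echoes barcodes back without output filtering.
my $unfiltered = <<'TT';
<ul>
[% FOREACH barcode IN barcodes_not_found %]<li>[% barcode %]</li>
[% END %]</ul>
TT

# The same fragment with the html filter applied at the point of output.
my $filtered = <<'TT';
<ul>
[% FOREACH barcode IN barcodes_not_found %]<li>[% barcode | html %]</li>
[% END %]</ul>
TT

my $tt = Template->new() or die Template->error();

for my $case ( [ unfiltered => $unfiltered ], [ filtered => $filtered ] ) {
    my ( $name, $template ) = @$case;
    my $out = '';
    $tt->process( \$template, { barcodes_not_found => \@submitted }, \$out )
        or die $tt->error();

    # If the submitted markup survives as a real tag, the browser will parse it.
    my $verdict = $out =~ /<iframe\b/i
        ? 'markup reaches the browser'
        : 'markup is escaped';
    print "== $name: $verdict ==\n$out\n";
}
```

The `html` filter escapes `&`, `<`, `>` and `"`, which is sufficient for element content as shown here; values placed in attributes, URLs or script blocks need the filter that matches that context.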