From 4d31c40956b45d3e92fde03387007aa1640cd713 Mon Sep 17 00:00:00 2001 From: Amit Gupta Date: Fri, 4 Aug 2017 10:38:12 +0530 Subject: [PATCH] Bug 19034: XSS Flaws in Cities 1. Hit /cgi-bin/koha/admin/cities.pl 2. Enter search cities box. 3. Notice the iframe is executed. 4. Apply patch. 5. Reload page, and enter iframe again on search cities box. 6. Notice it is no longer executed. Signed-off-by: Tomas Cohen Arazi --- koha-tmpl/intranet-tmpl/prog/en/modules/admin/cities.tt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/cities.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/cities.tt index 25a6564519..ab1ae72d2f 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/cities.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/cities.tt @@ -143,7 +143,7 @@

Cities

[% IF searchfield %] - Searching: [% searchfield %] + Searching: [% searchfield |html %] [% END %] [% IF cities.count %] -- 2.39.5
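Review bot: The `|html` filter on the `Searching: [% searchfield |html %]` line covers only this one reflected output, while the subject says "XSS Flaws" in the plural and the diffstat shows a single changed line. Please confirm that no other output in cities.tt, such as the city fields rendered under `[% IF cities.count %]`, is still emitted unfiltered, and add the filter there in the same patch if so. The test plan would also be easier to repeat if step 2 stated the exact string entered in the search box. As a style point, `[% searchfield | html %]` with a space on both sides of the pipe matches the form used in the Template Toolkit documentation.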