Bug 19034: XSS Flaws in Z39.50/SRU servers administration
author Amit Gupta <amit.gupta@informaticsglobal.com>
Fri, 4 Aug 2017 05:11:49 +0000 (10:41 +0530)
committer Katrin Fischer <katrin.fischer.83@web.de>
Sun, 20 Aug 2017 13:48:05 +0000 (15:48 +0200)
commit 491a8c979c91fe447010dd139912624014549e3e
tree 5b2cd004ce7723d6670da72dd1a2c7d748badab1
parent 4d31c40956b45d3e92fde03387007aa1640cd713
Bug 19034: XSS Flaws in Z39.50/SRU servers administration

1. Hit /cgi-bin/koha/admin/z3950servers.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> in the search Z39.50/SRU servers box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload the page, and enter the iframe again in the search Z39.50/SRU servers box.
6. Notice it is no longer executed.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
koha-tmpl/intranet-tmpl/prog/en/modules/admin/z3950servers.tt