git.koha-community.org Git - koha.git/commit

author	Amit Gupta <amit.gupta@informaticsglobal.com>
	Fri, 4 Aug 2017 05:08:12 +0000 (10:38 +0530)
committer	Jonathan Druart <jonathan.druart@bugs.koha-community.org>
	Tue, 29 Aug 2017 15:00:37 +0000 (12:00 -0300)
commit	3f7fc907ba9bf5cc2a077e541646118a213c8563
tree	6d1b319222a1565865a95b2416c5c957be6334be	tree \| snapshot
parent	e0dd5666341940b6310ac0c8c05e0f594b5386eb	commit \| diff

Bug 19034: XSS Flaws in Cities

1. Hit /cgi-bin/koha/admin/cities.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> search cities box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on search cities box.
6. Notice it is no longer executed.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

koha-tmpl/intranet-tmpl/prog/en/modules/admin/cities.tt

diff | blob | history

Main Koha release repository

RSS Atom