From bd298a135138703f4ab3ff4986dd964326a18ffc Mon Sep 17 00:00:00 2001 From: Amit Gupta Date: Mon, 7 Aug 2017 22:04:30 +0530 Subject: [PATCH] Bug 19052 - XSS Flaws in vendor search page 1. Hit /cgi-bin/koha/acqui/booksellers.pl 2. Enter vendor search box. 3. Notice the iframe is executed. 4. Apply patch. 5. Reload page, and enter iframe again on vendor search box. 6. Notice it is no longer executed. Signed-off-by: Chris Cormack Signed-off-by: Marcel de Rooy --- koha-tmpl/intranet-tmpl/prog/en/modules/acqui/booksellers.tt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/booksellers.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/booksellers.tt index 60c593d0b2..50331d7d18 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/booksellers.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/booksellers.tt @@ -42,7 +42,7 @@ $(document).ready(function() { [% INCLUDE 'header.inc' %] [% INCLUDE 'acquisitions-search.inc' %] - +
-- 2.39.5
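Review bot: the one changed line in booksellers.tt, directly after the `[% INCLUDE 'acquisitions-search.inc' %]` context, is the only output site this patch touches (1 insertion, 1 deletion), and the commit message does not say which template variable is now escaped or which filter is applied. Please state both in the commit message, and confirm that any other place in this template that echoes the vendor search term is filtered as well. The hunk header shows a `$(document).ready(function() {` script block in the same file, so if the search term is also written there it needs JavaScript-context encoding rather than an HTML filter. The test plan would also be easier to reproduce if step 2 gave the exact string typed into the vendor search box; as written, only step 5 mentions that an iframe is entered.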