]> git.koha-community.org Git - koha.git/commit
Bug 19052 - XSS Flaws in vendor search page
authorAmit Gupta <amit.gupta@informaticsglobal.com>
Mon, 7 Aug 2017 16:34:30 +0000 (22:04 +0530)
committerFridolin Somers <fridolin.somers@biblibre.com>
Wed, 23 Aug 2017 14:55:08 +0000 (16:55 +0200)
commit14646cd3f84db891f1fe5562ba2577c3fc82cd7c
treef70b303fea280e2a63054272986c970ef1f63031
parent1c5b315787c5714b2453f9b1ec9eb66ae6aa51b3
Bug 19052 - XSS Flaws in vendor search page

1. Hit /cgi-bin/koha/acqui/booksellers.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> vendor search box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on vendor search box.
6. Notice it is no longer executed.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit d8b1c8fc7d9ba254b1e71d1501abfae4102e7eea)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
koha-tmpl/intranet-tmpl/prog/en/modules/acqui/booksellers.tt