]> git.koha-community.org Git - koha.git/commit
Bug 19033: XSS Flaws in Currencies and exchange page
authorAmit Gupta <amit.gupta@informaticsglobal.com>
Fri, 4 Aug 2017 04:14:52 +0000 (09:44 +0530)
committerJonathan Druart <jonathan.druart@bugs.koha-community.org>
Tue, 29 Aug 2017 15:00:37 +0000 (12:00 -0300)
commit8c3da351307be664a879148ce4ca9215ca1c2da7
tree43b5ffce1a08daf84d9670751a41837ba7b50441
parent4b11d0c8627d31ad026c7494852cd25db0a5295c
Bug 19033: XSS Flaws in Currencies and exchange page

1. Hit /cgi-bin/koha/admin/currency.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> search currencies box.
3. Notice the iframe is executed
4. Apply patch
5. Reload page, and enter iframe again on search currencies box.
6. Notice it is no longer executed

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Fixes the issue, follows common practice on the codebase.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
koha-tmpl/intranet-tmpl/prog/en/modules/admin/currency.tt