]> git.koha-community.org Git - koha.git/commit
Bug 19034: XSS Flaws in Patron categories pages
authorAmit Gupta <amit.gupta@informaticsglobal.com>
Fri, 4 Aug 2017 05:04:19 +0000 (10:34 +0530)
committerFridolin Somers <fridolin.somers@biblibre.com>
Wed, 23 Aug 2017 14:58:48 +0000 (16:58 +0200)
commitbc0a636c18b3bb66e29dd7ca0bf4488fe742d75f
treee0586d56600df94a622212a8af0bc9b716da2302
parent77a8be98a47c3a424a4e81e1da25fbfed961bec3
Bug 19034: XSS Flaws in Patron categories pages

1. Hit /cgi-bin/koha/admin/categories.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> search patron categories box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on search patron categories box.
6. Notice it is no longer executed.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 28b9a1246781fb45427a593703542a99600f6d1f)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
koha-tmpl/intranet-tmpl/prog/en/modules/admin/categories.tt