git.koha-community.org Git - koha.git/commit
Bug 19034: XSS Flaws in Patron categories pages
author    Amit Gupta <amit.gupta@informaticsglobal.com>
          Fri, 4 Aug 2017 05:04:19 +0000 (10:34 +0530)
committer Mason James <mtj@kohaaloha.com>
          Thu, 24 Aug 2017 05:57:03 +0000 (17:57 +1200)
commit    862a9e7905f8c6be87c8f81eac636f677da1c975
tree      9624d769b1b3aeb94d64b153cf7ce34cdfe089b6
parent    1da4f24517cf9317b1578665eaca76fb3150bf30
Bug 19034: XSS Flaws in Patron categories pages

1. Hit /cgi-bin/koha/admin/categories.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> in the search patron categories box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on search patron categories box.
6. Notice it is no longer executed.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Mason James <mtj@kohaaloha.com>
koha-tmpl/intranet-tmpl/prog/en/modules/admin/categories.tt
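As an added illustration, not the commit's own diff (which this page does not show), the Perl script below uses Template Toolkit, the engine behind Koha's .tt templates, to render the test plan's payload through an unfiltered variable and through the same variable passed to the `| html` filter. The template fragment shapes, the variable name `searchfield` and the use of `| html` as the fix pattern are assumptions, not taken from the page.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Template;

# Payload copied from the commit's test plan; here it is only rendered to a
# string, never loaded in a browser.
my $search_term = q{<IFRAME SRC="javascript:alert('XSS');"></IFRAME>};

# Assumed fragment shapes: a results heading that echoes the search term back.
# Whether categories.tt looked exactly like this is not shown on this page.
my %fragments = (
    unescaped => q{<h2>Results for "[% searchfield %]"</h2>},
    escaped   => q{<h2>Results for "[% searchfield | html %]"</h2>},
);

my $tt = Template->new() or die Template->error();

# Render one fragment with the user-supplied term bound to 'searchfield'.
sub render {
    my ($fragment) = @_;
    my $out = '';
    $tt->process( \$fragment, { searchfield => $search_term }, \$out )
        or die $tt->error();
    return $out;
}

# Regression-style check: the reflected term must not survive as a live tag.
# The html filter turns '<', '>', '&' and '"' into entities, so the escaped
# output contains '&lt;IFRAME' rather than '<IFRAME'.
sub reflects_markup {
    my ($html) = @_;
    return $html =~ /<iframe\b/i ? 1 : 0;
}

for my $name (qw(unescaped escaped)) {
    my $html = render( $fragments{$name} );
    printf "%-9s %s\n", $name, $html;
    printf "%-9s reflects raw markup: %s\n\n", '',
        reflects_markup($html) ? 'yes' : 'no';
}
```

Running it prints the unescaped fragment with the iframe tag intact and the escaped one with `&lt;IFRAME ...&gt;`, which is the difference the test plan's steps 3 and 6 observe in the browser.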