git.koha-community.org Git - koha.git/commit
Bug 19033: XSS Flaws in Currencies and exchange page
author Amit Gupta <amit.gupta@informaticsglobal.com>
Fri, 4 Aug 2017 04:14:52 +0000 (09:44 +0530)
committer Katrin Fischer <katrin.fischer.83@web.de>
Sun, 20 Aug 2017 13:47:45 +0000 (15:47 +0200)
commit 8288adc3583c50dfc6df8131d7d62a4009842bd0
tree d80512fa54847ef12d72fd30e3afa5a01a5ef445
parent 92a38358e0c4e4058155e2c4d5dfc68623affcc4
Bug 19033: XSS Flaws in Currencies and exchange page

1. Hit /cgi-bin/koha/admin/currency.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> in the search currencies box.
3. Notice the iframe is executed
4. Apply patch
5. Reload page, and enter the iframe again in the search currencies box.
6. Notice it is no longer executed

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Fixes the issue, follows common practice on the codebase.
koha-tmpl/intranet-tmpl/prog/en/modules/admin/currency.tt
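
The diff for currency.tt is not shown on this page. The following is an added example, not the Koha template or the committed patch: it assumes the fix is output encoding with Template Toolkit's `html` filter, and the variable name `searchfield` and both template fragments are hypothetical. It renders the test plan's input unfiltered and filtered, in element content and in an attribute value.

```perl
#!/usr/bin/perl
# Added illustration; not code from the Koha repository.
use strict;
use warnings;
use Template;

# Input from step 2 of the test plan, as it would arrive in a query parameter.
my $term = q{<IFRAME SRC="javascript:alert('XSS');"></IFRAME>};

# Hypothetical fragments: the search term is echoed in element content and
# in an attribute value, first raw, then through TT's html filter.
my %fragment = (
    unfiltered => q{<p>Results for: [% searchfield %]</p>}
                . q{<input name="q" value="[% searchfield %]" />},
    filtered   => q{<p>Results for: [% searchfield | html %]</p>}
                . q{<input name="q" value="[% searchfield | html %]" />},
);

my $tt = Template->new() || die Template->error();

# Render one named fragment with the search term bound to searchfield.
sub render {
    my ($name) = @_;
    my $out = '';
    $tt->process(\$fragment{$name}, { searchfield => $term }, \$out)
        || die $tt->error();
    return $out;
}

my $raw  = render('unfiltered');
my $safe = render('filtered');

# Raw output passes the markup through, so the browser builds an iframe.
die "expected raw markup in unfiltered output" unless index($raw, '<IFRAME') >= 0;

# The html filter encodes &, <, > and ", so neither a new tag nor an
# attribute break-out survives in the filtered output.
die "markup survived the filter" if $safe =~ /<IFRAME/i;
die "quote survived the filter"  if $safe =~ /value="[^"]*SRC="/;

print "unfiltered: $raw\n\nfiltered:   $safe\n";
```

The `html` filter does not encode single quotes, so it protects attribute values only when they are wrapped in double quotes, as they are here.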