git.koha-community.org Git - koha.git/commit

]> git.koha-community.org Git - koha.git/commit

author	Amit Gupta <amit.gupta@informaticsglobal.com>
	Mon, 7 Aug 2017 16:34:30 +0000 (22:04 +0530)
committer	Katrin Fischer <katrin.fischer.83@web.de>
	Sun, 20 Aug 2017 13:50:21 +0000 (15:50 +0200)
commit	bd298a135138703f4ab3ff4986dd964326a18ffc
tree	22bb1d2470b0f23fb9d3acebdf80a14793fcbffc	tree \| snapshot
parent	61d082f7e5d9b264c1551cad837a1e63d1678bce	commit \| diff

Bug 19052 - XSS Flaws in vendor search page

1. Hit /cgi-bin/koha/acqui/booksellers.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> vendor search box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on vendor search box.
6. Notice it is no longer executed.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

koha-tmpl/intranet-tmpl/prog/en/modules/acqui/booksellers.tt

diff | blob | history

Main Koha release repository

RSS Atom