]> git.koha-community.org Git - koha.git/commit
Bug 19050 - XSS Flaws in Quick spine label creator
authorAmit Gupta <amit.gupta@informaticsglobal.com>
Mon, 7 Aug 2017 15:19:56 +0000 (20:49 +0530)
committerJonathan Druart <jonathan.druart@bugs.koha-community.org>
Tue, 29 Aug 2017 15:00:37 +0000 (12:00 -0300)
commitc57d0b71c7b9bac44cd79c822e3009136bbf25fe
treeaa6b549ef0ab403d52191c893578ae110e1fe6b3
parent861cec577317d4ef56cdad23afc94a7d1968c1c9
Bug 19050 - XSS Flaws in Quick spine label creator

1. Hit /cgi-bin/koha/labels/spinelabel-home.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> barcode text box.
3. Notice the iframe is executed
4. Apply patch
5. Reload page, and enter iframe again on barcode text box.
6. Notice it is no longer executed

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
koha-tmpl/intranet-tmpl/prog/en/modules/labels/spinelabel-print.tt