git.koha-community.org Git - koha.git/commit

]> git.koha-community.org Git - koha.git/commit

author	Amit Gupta <amit.gupta@informaticsglobal.com>
	Fri, 4 Aug 2017 05:11:49 +0000 (10:41 +0530)
committer	Jonathan Druart <jonathan.druart@bugs.koha-community.org>
	Tue, 29 Aug 2017 15:00:37 +0000 (12:00 -0300)
commit	46b0b0a75b01d700ec02c458896c27760e604465
tree	4148c48741139bc2cc33aba07ea29b4981cf8220	tree \| snapshot
parent	3f7fc907ba9bf5cc2a077e541646118a213c8563	commit \| diff

Bug 19034: XSS Flaws in Z39.50/SRU servers administration

1. Hit /cgi-bin/koha/admin/z3950servers.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> search Z39.50/SRU servers box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on search Z39.50/SRU servers box.
6. Notice it is no longer executed.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

koha-tmpl/intranet-tmpl/prog/en/modules/admin/z3950servers.tt

diff | blob | history

Main Koha release repository

RSS Atom