git.koha-community.org Git - koha.git/commit
Bug 19052 - XSS Flaws in vendor search page
author Amit Gupta <amit.gupta@informaticsglobal.com>
Mon, 7 Aug 2017 16:34:30 +0000 (22:04 +0530)
committer Mason James <mtj@kohaaloha.com>
Thu, 24 Aug 2017 05:43:00 +0000 (17:43 +1200)
commit 818dd531ecae29e0a6e14072ed9d8f5d448cfafb
tree a892f04b1d373b4e10c4dce7aa8a2b50655dff86
parent 0c1a34ce5d45248603e96bb09b9ac256348a597c
Bug 19052 - XSS Flaws in vendor search page

1. Hit /cgi-bin/koha/acqui/booksellers.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> in the vendor search box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on vendor search box.
6. Notice it is no longer executed.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Mason James <mtj@kohaaloha.com>
koha-tmpl/intranet-tmpl/prog/en/modules/acqui/booksellers.tt