From 818dd531ecae29e0a6e14072ed9d8f5d448cfafb Mon Sep 17 00:00:00 2001 From: Amit Gupta Date: Mon, 7 Aug 2017 22:04:30 +0530 Subject: [PATCH] Bug 19052 - XSS Flaws in vendor search page 1. Hit /cgi-bin/koha/acqui/booksellers.pl 2. Enter vendor search box. 3. Notice the iframe is executed. 4. Apply patch. 5. Reload page, and enter iframe again on vendor search box. 6. Notice it is no longer executed. Signed-off-by: Chris Cormack Signed-off-by: Marcel de Rooy Signed-off-by: Mason James --- koha-tmpl/intranet-tmpl/prog/en/modules/acqui/booksellers.tt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/booksellers.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/booksellers.tt index ff92a913d6..7f66ca62c0 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/booksellers.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/booksellers.tt @@ -42,7 +42,7 @@ $(document).ready(function() { [% INCLUDE 'header.inc' %] [% INCLUDE 'acquisitions-search.inc' %] - +
-- 2.39.5
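Review bot: the commit message does not say which template variable holds the vendor search value or which filter is now applied to it, and the one changed line in the hunk at @@ -42,7 +42,7 @@ of booksellers.tt (right after the INCLUDE of 'acquisitions-search.inc') is the only output site this patch touches. Please name the variable and the filter in the commit message, and confirm that every other place the search term is echoed back, both elsewhere in this template and in the included 'acquisitions-search.inc', gets the same escaping, since the diffstat shows 1 insertion and 1 deletion in a single file. The test plan would also be easier to repeat if step 2 stated the exact string typed into the vendor search box and step 6 also checked that the term is still displayed as literal text after the patch.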