From 3199cff63924520a4cc4564f3590427dbed867f8 Mon Sep 17 00:00:00 2001 From: Amit Gupta Date: Mon, 7 Aug 2017 22:04:30 +0530 Subject: [PATCH] Bug 19052 - XSS Flaws in vendor search page 1. Hit /cgi-bin/koha/acqui/booksellers.pl 2. Enter vendor search box. 3. Notice the iframe is executed. 4. Apply patch. 5. Reload page, and enter iframe again on vendor search box. 6. Notice it is no longer executed. Signed-off-by: Chris Cormack Signed-off-by: Marcel de Rooy Signed-off-by: Jonathan Druart --- koha-tmpl/intranet-tmpl/prog/en/modules/acqui/booksellers.tt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/booksellers.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/booksellers.tt index 02eda130fa..e9f44dcaec 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/booksellers.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/booksellers.tt @@ -55,7 +55,7 @@ $(document).ready(function() { [% INCLUDE 'header.inc' %] [% INCLUDE 'acquisitions-search.inc' %] - +
-- 2.39.5
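Review bot: the commit message never names the template variable that was echoed unescaped or the filter now applied to it, and the one changed line in the `@@ -55,7 +55,7 @@` hunk of booksellers.tt (right after the INCLUDE of 'acquisitions-search.inc') shows no content here, so the fix cannot be checked from the patch alone. Please state both in the commit message, and spell out in step 2 of the test plan what is typed into the vendor search box (step 5 only implies it is an iframe tag). Because the diffstat shows a single insertion and deletion, also confirm that every other place where the search term is rendered, both in booksellers.tt and in the included acquisitions-search.inc, is escaped at output in the same way.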