From e0dd5666341940b6310ac0c8c05e0f594b5386eb Mon Sep 17 00:00:00 2001
From: Amit Gupta
Date: Fri, 4 Aug 2017 10:34:19 +0530
Subject: [PATCH] Bug 19034: XSS Flaws in Patron categories pages

1. Hit /cgi-bin/koha/admin/categories.pl
2. Enter search patron categories box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on search patron categories box.
6. Notice it is no longer executed.

Signed-off-by: Tomas Cohen Arazi
Signed-off-by: Jonathan Druart
---
 koha-tmpl/intranet-tmpl/prog/en/modules/admin/categories.tt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/categories.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/categories.tt
index e33b36fc5f..2f965dd099 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/categories.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/categories.tt
@@ -335,7 +335,7 @@

Patron categories

[% IF searchfield %] - You Searched for [% searchfield %] + You Searched for [% searchfield |html %] [% END %] [% IF categories%] -- 2.39.5
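Review bot: The fix only escapes the one interpolation `[% searchfield |html %]` in the "You Searched for" message, while the commit message's test plan exercises a single injection point; before sign-off, confirm that every other place categories.tt renders `searchfield` (for example a search input's `value` attribute that pre-fills the box) is also passed through `|html` or an equivalent escaping filter, since the hunk touches nothing else. The Template Toolkit `html` filter escapes `<`, `>`, `&` and `"`, which is adequate for element content and double-quoted attribute values as here, but it is not sufficient inside a `<script>` block or an event-handler attribute, so any such context would need `|uri`/JSON encoding rather than this filter.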