]> git.koha-community.org Git - koha.git/commit
Bug 19033: XSS Flaws in Currencies and exchange page
authorAmit Gupta <amit.gupta@informaticsglobal.com>
Fri, 4 Aug 2017 04:14:52 +0000 (09:44 +0530)
committerMason James <mtj@kohaaloha.com>
Thu, 24 Aug 2017 05:57:24 +0000 (17:57 +1200)
commit180865ff0f17d23406ff24e8f26274e292519c23
treeaf9f06b351e70367e3fb0b369b5a1705f54308a3
parent11e589de5625ae999086f5d1386fa8367c4103f9
Bug 19033: XSS Flaws in Currencies and exchange page

1. Hit /cgi-bin/koha/admin/currency.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> search currencies box.
3. Notice the iframe is executed
4. Apply patch
5. Reload page, and enter iframe again on search currencies box.
6. Notice it is no longer executed

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Fixes the issue, follows common practice on the codebase.
Signed-off-by: Mason James <mtj@kohaaloha.com>
koha-tmpl/intranet-tmpl/prog/en/modules/admin/currency.tt