git.koha-community.org Git - koha.git/commit

]> git.koha-community.org Git - koha.git/commit

author	Amit Gupta <amit.gupta@informaticsglobal.com>
	Mon, 7 Aug 2017 16:34:30 +0000 (22:04 +0530)
committer	Mason James <mtj@kohaaloha.com>
	Thu, 24 Aug 2017 05:43:00 +0000 (17:43 +1200)
commit	818dd531ecae29e0a6e14072ed9d8f5d448cfafb
tree	a892f04b1d373b4e10c4dce7aa8a2b50655dff86	tree \| snapshot
parent	0c1a34ce5d45248603e96bb09b9ac256348a597c	commit \| diff

Bug 19052 - XSS Flaws in vendor search page

1. Hit /cgi-bin/koha/acqui/booksellers.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> vendor search box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on vendor search box.
6. Notice it is no longer executed.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Mason James <mtj@kohaaloha.com>

koha-tmpl/intranet-tmpl/prog/en/modules/acqui/booksellers.tt

diff | blob | history

Main Koha release repository

RSS Atom