]> git.koha-community.org Git - koha.git/commit
Bug 19034: XSS Flaws in Cities
authorAmit Gupta <amit.gupta@informaticsglobal.com>
Fri, 4 Aug 2017 05:08:12 +0000 (10:38 +0530)
committerFridolin Somers <fridolin.somers@biblibre.com>
Wed, 23 Aug 2017 14:59:00 +0000 (16:59 +0200)
commit9b7969033f6820e7e9af314018f87ec462cc5b6d
tree454f9cc27ec2cded5c59e45df566b8d3d27f5ac0
parentbc0a636c18b3bb66e29dd7ca0bf4488fe742d75f
Bug 19034: XSS Flaws in Cities

1. Hit /cgi-bin/koha/admin/cities.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> search cities box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on search cities box.
6. Notice it is no longer executed.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 8b294c5a4bece7086688fb44c7c45a1ee820247c)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
koha-tmpl/intranet-tmpl/prog/en/modules/admin/cities.tt