git.koha-community.org Git - koha.git/commit
Bug 19078 - XSS Flaws in System preferences
author Amit Gupta <amit.gupta@informaticsglobal.com>
Thu, 10 Aug 2017 16:21:38 +0000 (21:51 +0530)
committer Mason James <mtj@kohaaloha.com>
Thu, 24 Aug 2017 05:42:31 +0000 (17:42 +1200)
commit 90d25a56a672e2b19786af5453595805fae7f347
tree 0e893ed77841842219aed9dfe386648c5abac4ce
parent 307d369a361e34a304d1de25f0d8cde5c05d5d98
Bug 19078 - XSS Flaws in System preferences

1. Hit /cgi-bin/koha/admin/preferences.pl
2. Enter <script>alert('amit')</script> in search system preferences box.
3. Notice the JavaScript is executed.
4. Apply patch.
5. Reload page, and enter <script>alert('amit')</script> in search system preferences box.
6. Notice it is no longer executed.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Mason James <mtj@kohaaloha.com>
koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences.tt
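
The only file this commit changes is the Template Toolkit template listed above, and the test plan describes a search term that is echoed back into the page. As an added example (not code from this commit or from the Koha project), the Python check below flags Template Toolkit output directives that carry no escaping filter. The variable name `searchfield`, the sample template and the set of filters treated as escaping are assumptions constructed for illustration.

```python
import re

# Template Toolkit keywords that control flow or load code instead of printing.
NON_OUTPUT = {"IF", "ELSIF", "ELSE", "UNLESS", "END", "FOREACH", "FOR", "WHILE",
              "SET", "DEFAULT", "INCLUDE", "PROCESS", "USE", "BLOCK", "WRAPPER",
              "SWITCH", "CASE", "MACRO", "CALL", "FILTER", "RETURN", "STOP",
              "NEXT", "LAST", "TRY", "CATCH", "THROW", "FINAL", "META", "TAGS"}
# Standard TT filters accepted here as escaping (assumed policy for this check).
ESCAPING = {"html", "html_entity", "xml", "uri", "url"}

DIRECTIVE = re.compile(r"\[%[-+=~]?\s*(.*?)\s*[-+=~]?%\]", re.S)
ASSIGN = re.compile(r"[\w.]+\s*=(?!=)")               # [% x = 1 %] prints nothing
FILTER = re.compile(r"(?:(?<!\|)\|(?!\|)|\bFILTER\b)\s*(\w+)")

def unescaped_outputs(template):
    """Return (line, directive) for each output directive with no escaping filter."""
    findings = []
    for m in DIRECTIVE.finditer(template):
        body = m.group(1)
        if not body or body.startswith("#"):          # empty tag or TT comment
            continue
        word = re.match(r"[A-Za-z_]\w*", body)
        if word and word.group(0) in NON_OUTPUT:      # control directive
            continue
        if ASSIGN.match(body):                        # assignment, not output
            continue
        if not set(FILTER.findall(body)) & ESCAPING:
            line = template.count("\n", 0, m.start()) + 1
            findings.append((line, body))
    return findings

# Constructed sample: the search term is printed once raw and once filtered.
BEFORE = """<h1>System preferences</h1>
[% IF searchfield %]
  <p>Searched for: [% searchfield %]</p>
  <input name="op" value="[% searchfield | html %]" />
[% END %]
"""
# The same template with the raw output passed through the html filter.
AFTER = BEFORE.replace("[% searchfield %]", "[% searchfield | html %]")

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, unescaped_outputs(text))
```

The check is a heuristic: it does not judge whether the chosen filter fits the output context (HTML body, attribute, URL), so a finding-free template still needs review.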