git.koha-community.org Git - koha.git/commit
Bug 19034: XSS Flaws in Cities
author Amit Gupta <amit.gupta@informaticsglobal.com>
Fri, 4 Aug 2017 05:08:12 +0000 (10:38 +0530)
committer Mason James <mtj@kohaaloha.com>
Thu, 24 Aug 2017 05:57:03 +0000 (17:57 +1200)
commit 8a14d5233879a9f0cc296aaf94a94a98eb345caa
tree 2c68ff7db584f23fbdac23ecbe24958de0f5fe77
parent 862a9e7905f8c6be87c8f81eac636f677da1c975
Bug 19034: XSS Flaws in Cities

1. Hit /cgi-bin/koha/admin/cities.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> in the search cities box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload the page, and enter the iframe again in the search cities box.
6. Notice it is no longer executed.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Mason James <mtj@kohaaloha.com>
koha-tmpl/intranet-tmpl/prog/en/modules/admin/cities.tt