git.koha-community.org Git - koha.git/commit
Bug 19054 - XSS Flaws in Report - Top Most-circulated items
author Amit Gupta <amit.gupta@informaticsglobal.com>
Mon, 7 Aug 2017 17:04:05 +0000 (22:34 +0530)
committer Mason James <mtj@kohaaloha.com>
Thu, 24 Aug 2017 05:42:48 +0000 (17:42 +1200)
commit 0c1a34ce5d45248603e96bb09b9ac256348a597c
tree e8439cf94568b3c58a923854c288e084a78f62da
parent 90d25a56a672e2b19786af5453595805fae7f347
Bug 19054 - XSS Flaws in Report - Top Most-circulated items

1. Hit /cgi-bin/koha/reports/cat_issues_top.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> in Callnumber, Day, Month, Year search box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on Callnumber, Day, Month, Year search box.
6. Notice it is no longer executed.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Mason James <mtj@kohaaloha.com>
koha-tmpl/intranet-tmpl/prog/en/modules/reports/cat_issues_top.tt
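
The manual test plan in the commit message can be turned into an automated regression check. The following is an added example, not code from this commit or from Koha: it parses rendered output and reports whether the probe from step 2 became a live element (step 3) or is shown as inert text (step 6). `render_raw` and `render_escaped` are constructed stand-ins for the report output before and after escaping, and the assumption is that the submitted value is echoed in element text.

```python
from html import escape
from html.parser import HTMLParser

# Probe string from step 2 of the test plan; field labels from the same step.
PROBE = """<IFRAME SRC="javascript:alert('XSS');"></IFRAME>"""
FIELDS = ("Callnumber", "Day", "Month", "Year")

class _Collector(HTMLParser):
    """Records the elements the parser opens and the text it sees."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.text = [], []
    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))
    def handle_data(self, data):
        self.text.append(data)

def classify(rendered_html):
    """Return 'live-markup', 'escaped-text' or 'absent' for the probe."""
    c = _Collector()
    c.feed(rendered_html)
    c.close()
    for tag, attrs in c.tags:
        if tag == "iframe" and (attrs.get("src") or "").lower().startswith("javascript:"):
            return "live-markup"      # step 3: the browser would build the iframe
    if PROBE in "".join(c.text):
        return "escaped-text"         # step 6: shown to the user as inert text
    return "absent"

def render_raw(field, value):
    # Constructed stand-in for a template that echoes the parameter unescaped.
    return "<li>%s: %s</li>" % (field, value)

def render_escaped(field, value):
    # Constructed stand-in for a template that HTML-escapes the parameter.
    return "<li>%s: %s</li>" % (field, escape(value, quote=True))

def failing_fields(render):
    """Fields whose rendered output turns the probe into a live element."""
    return [f for f in FIELDS if classify(render(f, PROBE)) == "live-markup"]

if __name__ == "__main__":
    print("raw:", failing_fields(render_raw))
    print("escaped:", failing_fields(render_escaped))
```

Against a real instance, replace the stand-in renderers with a function that returns the report page's HTML for a given field and value.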