From cfd67c694e48e119c68e7bb9504d371d3049e689 Mon Sep 17 00:00:00 2001 From: Amit Gupta Date: Fri, 4 Aug 2017 10:41:49 +0530 Subject: [PATCH] Bug 19034: XSS Flaws in Z39.50/SRU servers administration 1. Hit /cgi-bin/koha/admin/z3950servers.pl 2. Enter search Z39.50/SRU servers box. 3. Notice the iframe is executed. 4. Apply patch. 5. Reload page, and enter iframe again on search Z39.50/SRU servers box. 6. Notice it is no longer executed. Signed-off-by: Tomas Cohen Arazi Signed-off-by: Mason James --- koha-tmpl/intranet-tmpl/prog/en/modules/admin/z3950servers.tt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/z3950servers.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/z3950servers.tt index dda1a0f2d3..ef90d6e81b 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/z3950servers.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/z3950servers.tt @@ -225,7 +225,7 @@ [% IF id %] You searched for record [% id %] [% ELSIF searchfield %] - You searched for [% searchfield %] + You searched for [% searchfield |html %] [% END %] -- 2.39.5
TargetHostname/PortDatabaseUseridPasswordPreselectedRankSyntaxEncodingTimeoutRecord type