]> git.koha-community.org Git - koha.git/commit
Bug 19078 - XSS Flaws in System preferences
authorAmit Gupta <amit.gupta@informaticsglobal.com>
Thu, 10 Aug 2017 16:21:38 +0000 (21:51 +0530)
committerFridolin Somers <fridolin.somers@biblibre.com>
Wed, 23 Aug 2017 14:53:43 +0000 (16:53 +0200)
commit24fb60d714e5c6dc3ad3dec1295b871e196cfa98
tree112a816f44632fbc957f500a4dee2a963fb62e31
parent5380e93aca3376e1526e79d02169c8a4d877d645
Bug 19078 - XSS Flaws in System preferences

1. Hit /cgi-bin/koha/admin/preferences.pl
2. Enter <script>alert('amit')</script> in search system preferences box.
3. Notice the java script is executed.
4. Apply patch.
5. Reload page, and enter <script>alert('amit')</script> in search system preferences box.
6. Notice it is no longer executed.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit b7bb60d76041bf00f6a28fe3a55ecc2c7912a275)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences.tt