From 14646cd3f84db891f1fe5562ba2577c3fc82cd7c Mon Sep 17 00:00:00 2001 From: Amit Gupta Date: Mon, 7 Aug 2017 22:04:30 +0530 Subject: [PATCH] Bug 19052 - XSS Flaws in vendor search page 1. Hit /cgi-bin/koha/acqui/booksellers.pl 2. Enter vendor search box. 3. Notice the iframe is executed. 4. Apply patch. 5. Reload page, and enter iframe again on vendor search box. 6. Notice it is no longer executed. Signed-off-by: Chris Cormack Signed-off-by: Marcel de Rooy Signed-off-by: Jonathan Druart (cherry picked from commit d8b1c8fc7d9ba254b1e71d1501abfae4102e7eea) Signed-off-by: Fridolin Somers --- koha-tmpl/intranet-tmpl/prog/en/modules/acqui/booksellers.tt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/booksellers.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/booksellers.tt index 02eda130fa..e9f44dcaec 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/booksellers.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/booksellers.tt @@ -55,7 +55,7 @@ $(document).ready(function() { [% INCLUDE 'header.inc' %] [% INCLUDE 'acquisitions-search.inc' %] - +
-- 2.39.5