]> git.koha-community.org Git - koha.git/commit
Bug 19051 - XSS Flaws in - Batch item modification page
authorAmit Gupta <amit.gupta@informaticsglobal.com>
Mon, 7 Aug 2017 16:13:56 +0000 (21:43 +0530)
committerFridolin Somers <fridolin.somers@biblibre.com>
Wed, 23 Aug 2017 14:56:05 +0000 (16:56 +0200)
commit0565a70c5cb4c8f365d64658109b4d84e8964952
treee0d330dcd378b81054f44c3d91deca21b7efc926
parent06261dce0b397a4057d343e50aaf244ddff5f974
Bug 19051 - XSS Flaws in - Batch item modification page

1. Hit /cgi-bin/koha/tools/batchMod.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> in the Barcode list (one barcode per line) text area.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on Barcode list (one barcode per line) text area.
6. Notice it is no longer executed.
7. Fixes for both barcode and itemnumber.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 0726c79361a22051b847e9fe8668ab6faf81479a)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
koha-tmpl/intranet-tmpl/prog/en/modules/tools/batchMod-edit.tt