]> git.koha-community.org Git - koha.git/commit
Bug 19050 - XSS Flaws in Quick spine label creator
authorAmit Gupta <amit.gupta@informaticsglobal.com>
Mon, 7 Aug 2017 15:19:56 +0000 (20:49 +0530)
committerFridolin Somers <fridolin.somers@biblibre.com>
Wed, 23 Aug 2017 14:56:15 +0000 (16:56 +0200)
commit77a8be98a47c3a424a4e81e1da25fbfed961bec3
tree5f2e8ab28eec8fd2a52c7331005aa9a25ce00c2e
parent0565a70c5cb4c8f365d64658109b4d84e8964952
Bug 19050 - XSS Flaws in Quick spine label creator

1. Hit /cgi-bin/koha/labels/spinelabel-home.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> barcode text box.
3. Notice the iframe is executed
4. Apply patch
5. Reload page, and enter iframe again on barcode text box.
6. Notice it is no longer executed

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 18b6e1f5272ee4e2c4c1971a4346c1759df4b3d6)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
koha-tmpl/intranet-tmpl/prog/en/modules/labels/spinelabel-print.tt