From 9b7969033f6820e7e9af314018f87ec462cc5b6d Mon Sep 17 00:00:00 2001 From: Amit Gupta Date: Fri, 4 Aug 2017 10:38:12 +0530 Subject: [PATCH] Bug 19034: XSS Flaws in Cities 1. Hit /cgi-bin/koha/admin/cities.pl 2. Enter search cities box. 3. Notice the iframe is executed. 4. Apply patch. 5. Reload page, and enter iframe again on search cities box. 6. Notice it is no longer executed. Signed-off-by: Tomas Cohen Arazi Signed-off-by: Jonathan Druart (cherry picked from commit 8b294c5a4bece7086688fb44c7c45a1ee820247c) Signed-off-by: Fridolin Somers --- koha-tmpl/intranet-tmpl/prog/en/modules/admin/cities.tt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/cities.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/cities.tt index 7acb4d6c69..a440cf14ca 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/cities.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/cities.tt @@ -143,7 +143,7 @@

Cities

[% IF searchfield %] - Searching: [% searchfield %] + Searching: [% searchfield |html %] [% END %] [% IF cities.count %] -- 2.39.5
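Review bot: The changed line `Searching: [% searchfield |html %]` fixes only this one output of `searchfield`, and the diffstat confirms a single insertion in cities.tt, so any other place in the template that prints `searchfield` or another request-derived value stays unescaped after this patch. Before sign-off, search the rest of the file for unfiltered `[% ... %]` outputs and confirm each one is escaped for its context; `|html` is correct here because the value lands in HTML body text, but it would not be sufficient on its own for a value placed in a URL or inside a script block. The test plan in the commit message is manual only; a template-level regression check that renders this page with markup in the search field and asserts it comes back entity-encoded would keep the filter from being dropped in a later edit.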