]> git.koha-community.org Git - koha.git/commit
Bug 19034: XSS Flaws in Z39.50/SRU servers administration
authorAmit Gupta <amit.gupta@informaticsglobal.com>
Fri, 4 Aug 2017 05:11:49 +0000 (10:41 +0530)
committerKatrin Fischer <katrin.fischer.83@web.de>
Sun, 20 Aug 2017 13:48:05 +0000 (15:48 +0200)
commit491a8c979c91fe447010dd139912624014549e3e
tree5b2cd004ce7723d6670da72dd1a2c7d748badab1
parent4d31c40956b45d3e92fde03387007aa1640cd713
Bug 19034: XSS Flaws in Z39.50/SRU servers administration

1. Hit /cgi-bin/koha/admin/z3950servers.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> search Z39.50/SRU servers box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on search Z39.50/SRU servers box.
6. Notice it is no longer executed.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
koha-tmpl/intranet-tmpl/prog/en/modules/admin/z3950servers.tt