git.koha-community.org Git - koha.git/commit

]> git.koha-community.org Git - koha.git/commit

author	Amit Gupta <amit.gupta@informaticsglobal.com>
	Fri, 4 Aug 2017 05:08:12 +0000 (10:38 +0530)
committer	Katrin Fischer <katrin.fischer.83@web.de>
	Sun, 20 Aug 2017 13:48:05 +0000 (15:48 +0200)
commit	4d31c40956b45d3e92fde03387007aa1640cd713
tree	ac8e6ca3873fe8f5a471c528281e8a22fa431894	tree \| snapshot
parent	e1f528834100b772002e24940d65138c8cbd1756	commit \| diff

Bug 19034: XSS Flaws in Cities

1. Hit /cgi-bin/koha/admin/cities.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> search cities box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on search cities box.
6. Notice it is no longer executed.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

koha-tmpl/intranet-tmpl/prog/en/modules/admin/cities.tt

diff | blob | history

Main Koha release repository

RSS Atom