]> git.koha-community.org Git - koha.git/commit
Bug 19050 - XSS Flaws in Quick spine label creator
authorAmit Gupta <amit.gupta@informaticsglobal.com>
Mon, 7 Aug 2017 15:19:56 +0000 (20:49 +0530)
committerKatrin Fischer <katrin.fischer.83@web.de>
Sun, 20 Aug 2017 13:49:30 +0000 (15:49 +0200)
commit5e2f38a958276308e600698590942f025e17cffa
tree6169a895e1322c049f70261713c4e1567e0f7b0e
parente059356d92500138d3803e8730f65bd1756c52f3
Bug 19050 - XSS Flaws in Quick spine label creator

1. Hit /cgi-bin/koha/labels/spinelabel-home.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> barcode text box.
3. Notice the iframe is executed
4. Apply patch
5. Reload page, and enter iframe again on barcode text box.
6. Notice it is no longer executed

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
koha-tmpl/intranet-tmpl/prog/en/modules/labels/spinelabel-print.tt