]> git.koha-community.org Git - koha.git/commit
Bug 19052 - XSS Flaws in vendor search page
authorAmit Gupta <amit.gupta@informaticsglobal.com>
Mon, 7 Aug 2017 16:34:30 +0000 (22:04 +0530)
committerKatrin Fischer <katrin.fischer.83@web.de>
Sun, 20 Aug 2017 13:50:21 +0000 (15:50 +0200)
commitbd298a135138703f4ab3ff4986dd964326a18ffc
tree22bb1d2470b0f23fb9d3acebdf80a14793fcbffc
parent61d082f7e5d9b264c1551cad837a1e63d1678bce
Bug 19052 - XSS Flaws in vendor search page

1. Hit /cgi-bin/koha/acqui/booksellers.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> vendor search box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on vendor search box.
6. Notice it is no longer executed.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
koha-tmpl/intranet-tmpl/prog/en/modules/acqui/booksellers.tt