]> git.koha-community.org Git - koha.git/commit
Bug 19054 - XSS Flaws in Report - Top Most-circulated items
authorAmit Gupta <amit.gupta@informaticsglobal.com>
Mon, 7 Aug 2017 17:04:05 +0000 (22:34 +0530)
committerKatrin Fischer <katrin.fischer.83@web.de>
Sun, 20 Aug 2017 13:50:55 +0000 (15:50 +0200)
commitd0d50b5d4d667546931577eecfdeddeb2bf6236c
treeda2436b0ed6766270719e30fcfc8487d8b10ab9a
parent9dba77c14e9b616ab9b0eac7cd55f0b0fd32fcd1
Bug 19054 - XSS Flaws in Report - Top Most-circulated items

1. Hit /cgi-bin/koha/reports/cat_issues_top.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> in Callnumber, Day, Month, Year search box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on Callnumber, Day, Month, Year search box.
6. Notice it is no longer executed.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
koha-tmpl/intranet-tmpl/prog/en/modules/reports/cat_issues_top.tt