]> git.koha-community.org Git - koha.git/commit
Bug 19034: XSS Flaws in Patron categories pages
authorAmit Gupta <amit.gupta@informaticsglobal.com>
Fri, 4 Aug 2017 05:04:19 +0000 (10:34 +0530)
committerKatrin Fischer <katrin.fischer.83@web.de>
Sun, 20 Aug 2017 13:48:05 +0000 (15:48 +0200)
commite1f528834100b772002e24940d65138c8cbd1756
tree8ace73c987f525eee7883d3fca8af60152194005
parent8288adc3583c50dfc6df8131d7d62a4009842bd0
Bug 19034: XSS Flaws in Patron categories pages

1. Hit /cgi-bin/koha/admin/categories.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> search patron categories box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on search patron categories box.
6. Notice it is no longer executed.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
koha-tmpl/intranet-tmpl/prog/en/modules/admin/categories.tt