git.koha-community.org Git - koha.git/commit

]> git.koha-community.org Git - koha.git/commit

author	Amit Gupta <amit.gupta@informaticsglobal.com>
	Thu, 10 Aug 2017 16:21:38 +0000 (21:51 +0530)
committer	Katrin Fischer <katrin.fischer.83@web.de>
	Sun, 20 Aug 2017 13:51:18 +0000 (15:51 +0200)
commit	1dd066cb99fe67070097453a71a5414640576fb5
tree	d235ef0ff1a55089101d5c35ead39618fdf0014f	tree \| snapshot
parent	d0d50b5d4d667546931577eecfdeddeb2bf6236c	commit \| diff

Bug 19078 - XSS Flaws in System preferences

1. Hit /cgi-bin/koha/admin/preferences.pl
2. Enter <script>alert('amit')</script> in search system preferences box.
3. Notice the java script is executed.
4. Apply patch.
5. Reload page, and enter <script>alert('amit')</script> in search system preferences box.
6. Notice it is no longer executed.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences.tt

diff | blob | history

Main Koha release repository

RSS Atom