Bug 19052 - XSS Flaws in - Invoice search page
author: Amit Gupta <amit.gupta@informaticsglobal.com>
Mon, 7 Aug 2017 16:47:14 +0000 (21:47 +0530)
committer: Katrin Fischer <katrin.fischer.83@web.de>
Sun, 20 Aug 2017 13:50:21 +0000 (15:50 +0200)
commit: 9dba77c14e9b616ab9b0eac7cd55f0b0fd32fcd1
tree: 5efa2c18e9fffbeb320cbe3b3a5439904cb19baf
parent: bd298a135138703f4ab3ff4986dd964326a18ffc
Bug 19052 - XSS Flaws in - Invoice search page

1. Hit /cgi-bin/koha/acqui/invoices.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> in the Invoiceno,
   ISBN/EAN/ISSN, Title, Author, Publisher, Publication year search boxes.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter the iframe again in the Invoiceno,
   ISBN/EAN/ISSN, Title, Author, Publisher, Publication year search boxes.
6. Notice it is no longer executed.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
koha-tmpl/intranet-tmpl/prog/en/modules/acqui/invoices.tt
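The test plan above reproduces a reflected XSS: the search terms submitted to invoices.pl are echoed back into the search form, and a term written into the page without HTML escaping becomes live markup. The following is an added example, not Koha's code and not the content of the invoices.tt patch: it models that pattern in Python, rendering a form with the submitted values interpolated raw (the vulnerable path) and with html.escape applied (the hardened path), and implements the "is the iframe executed" check of steps 3 and 6 as a function. The field names, the HTML skeleton, and the form action are assumptions for illustration.

```python
"""Reflected XSS in a search form: raw vs. HTML-escaped parameter echo.

Added example, not Koha code. Models the pattern behind Bug 19052: the
invoice search page re-displays the submitted search terms inside its
form, and a term emitted without escaping becomes live markup.
The parameter names and HTML skeleton here are assumed; the real page
is rendered by koha-tmpl/intranet-tmpl/prog/en/modules/acqui/invoices.tt.
"""
import html
import re

# The payload from the test plan in the commit message.
PAYLOAD = '<IFRAME SRC="javascript:alert(\'XSS\');"></IFRAME>'

# The search boxes the test plan names (assumed parameter names).
FIELDS = (
    "invoicenumber",
    "isbneanissn",
    "title",
    "author",
    "publisher",
    "publicationyear",
)


def render_search_form(params: dict, escape: bool) -> str:
    """Render the search form, echoing each submitted value into its input.

    escape=False is the vulnerable path: the value is interpolated verbatim,
    the equivalent of a template variable written out with no HTML filter.
    escape=True is the hardened path: &, <, >, " and ' are encoded so the
    browser treats the value as text inside the attribute.
    """
    rows = []
    for name in FIELDS:
        raw = params.get(name, "")
        value = html.escape(raw, quote=True) if escape else raw
        rows.append(
            f'<label>{name}<input type="text" name="{name}" value="{value}"></label>'
        )
    return (
        '<form action="/cgi-bin/koha/acqui/invoices.pl">\n'
        + "\n".join(rows)
        + "\n</form>"
    )


# A literal '<' followed by 'iframe' is what a browser would parse as a tag;
# an escaped '&lt;iframe' is inert text and does not match.
IFRAME_TAG_RE = re.compile(r"<\s*iframe\b", re.IGNORECASE)


def payload_is_live(page: str) -> bool:
    """Steps 3 and 6 of the test plan: does the page contain an un-escaped <iframe>?"""
    return IFRAME_TAG_RE.search(page) is not None


def reproduce(escape: bool) -> bool:
    """Submit the payload in every search box and report whether it survives as markup."""
    params = {name: PAYLOAD for name in FIELDS}
    return payload_is_live(render_search_form(params, escape))


if __name__ == "__main__":
    print("before fix, payload live:", reproduce(escape=False))  # True
    print("after fix,  payload live:", reproduce(escape=True))   # False
```

The check is deliberately a plain regex for a literal `<iframe` rather than a browser: a reflected payload is only dangerous when the angle bracket reaches the document as markup, so seeing `&lt;IFRAME` in the response is exactly the "no longer executed" outcome the test plan asks for. Escaping with quote=True matters because the value sits inside a double-quoted attribute; encoding `<` alone would still let a `"` break out of the attribute.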