Bug 19034: XSS Flaws in Patron categories pages
author    Amit Gupta <amit.gupta@informaticsglobal.com>
          Fri, 4 Aug 2017 05:04:19 +0000 (10:04 +0530)
committer Katrin Fischer <katrin.fischer.83@web.de>
          Sun, 20 Aug 2017 13:48:05 +0000 (15:48 +0200)
commit    e1f528834100b772002e24940d65138c8cbd1756
tree      8ace73c987f525eee7883d3fca8af60152194005
parent    8288adc3583c50dfc6df8131d7d62a4009842bd0
Bug 19034: XSS Flaws in Patron categories pages

1. Hit /cgi-bin/koha/admin/categories.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> in the search patron categories box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload the page, and enter the iframe again in the search patron categories box.
6. Notice it is no longer executed.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
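The test plan above checks by hand that the search term is no longer reflected into the page as live markup. The following is an added illustration of that check, not code from the commit or from Koha: it assumes the search term was reflected into the page body without escaping before the patch, and that the fix is output escaping equivalent to Template Toolkit's `html` filter (modelled here with Python's `html.escape`). The `render_*` functions, the text-context template and the search-term variable name are assumptions made for the example; the payload is the one from the test plan.

```python
import html
import re

# The payload from the test plan, used here as constructed test input.
PAYLOAD = "<IFRAME SRC=\"javascript:alert('XSS');\"></IFRAME>"


def render_unescaped(searchfield: str) -> str:
    """Reflect the search term into the page verbatim.

    This models the pre-patch behaviour: whatever the user typed in the
    search box is interpolated straight into the HTML (assumed template).
    """
    return f"<p>Search results for: {searchfield}</p>"


def render_escaped(searchfield: str) -> str:
    """Reflect the search term with HTML escaping applied.

    html.escape() converts <, >, &, " and ' to entity references, which is
    the same effect as Template Toolkit's `html` filter on the variable.
    """
    return f"<p>Search results for: {html.escape(searchfield, quote=True)}</p>"


# Matches an opening or closing iframe tag that a browser would parse as markup.
_IFRAME_TAG = re.compile(r"<\s*/?\s*iframe\b", re.IGNORECASE)


def reflects_markup(rendered: str) -> bool:
    """Return True if the rendered HTML still contains a parseable iframe tag."""
    return _IFRAME_TAG.search(rendered) is not None


if __name__ == "__main__":
    # Step 3 of the test plan: the unescaped page carries the iframe as markup.
    print("before patch:", render_unescaped(PAYLOAD))
    print("  iframe present:", reflects_markup(render_unescaped(PAYLOAD)))
    # Step 6 of the test plan: after escaping, the iframe is inert text.
    print("after patch: ", render_escaped(PAYLOAD))
    print("  iframe present:", reflects_markup(render_escaped(PAYLOAD)))
```

The escaped rendering still shows the user exactly what they searched for (the browser displays `<IFRAME ...>` as text), so the fix changes no visible behaviour for ordinary search terms while removing the reflected markup.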
koha-tmpl/intranet-tmpl/prog/en/modules/admin/categories.tt