[Bug 19034] New: XSS Flaws in- Cities - Z39.50/ SRU servers administration - Patron categories pages
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19034 Bug ID: 19034 Summary: XSS Flaws in- Cities - Z39.50/SRU servers administration - Patron categories pages Change sponsored?: --- Product: Koha Version: master Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 - low Component: System Administration Assignee: koha-bugs@lists.koha-community.org Reporter: amitddng135@gmail.com QA Contact: testopia@bugs.koha-community.org CC: gmcharlt@gmail.com XSS Flaws in- Cities - Z39.50/SRU servers administration - Patron categories pages -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19034 Amit Gupta <amitddng135@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|koha-bugs@lists.koha-commun |amitddng135@gmail.com |ity.org | -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19034 --- Comment #1 from Amit Gupta <amitddng135@gmail.com> --- Created attachment 65485 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=65485&action=edit Bug 19034 - XSS Flaws in Patron categories pages 1. Hit /cgi-bin/koha/admin/categories.pl 2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> search patron categories box. 3. Notice the iframe is executed. 4. Apply patch. 5. Reload page, and enter iframe again on search patron categories box. 6. Notice it is no longer executed. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19034 --- Comment #2 from Amit Gupta <amitddng135@gmail.com> --- Created attachment 65486 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=65486&action=edit Bug 19034 - XSS Flaws in Cities 1. Hit /cgi-bin/koha/admin/cities.pl 2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> search cities box. 3. Notice the iframe is executed. 4. Apply patch. 5. Reload page, and enter iframe again on search cities box. 6. Notice it is no longer executed. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19034 --- Comment #3 from Amit Gupta <amitddng135@gmail.com> --- Created attachment 65487 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=65487&action=edit Bug 19034 - XSS Flaws in - Z39.50/SRU servers administration 1. Hit /cgi-bin/koha/admin/z3950servers.pl 2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> search Z39.50/SRU servers box. 3. Notice the iframe is executed. 4. Apply patch. 5. Reload page, and enter iframe again on search Z39.50/SRU servers box. 6. Notice it is no longer executed. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19034 Amit Gupta <amitddng135@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |Needs Signoff -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19034 Jonathan Druart <jonathan.druart@bugs.koha-community.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Group|Koha security | Product|Koha security |Koha Component|Koha |Architecture, internals, | |and plumbing Status|Passed QA |Pushed to Master --- Comment #13 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- Pushed to master for 17.11, thanks to everybody involved! -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19034 Fridolin SOMERS <fridolin.somers@biblibre.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Pushed to Master |Pushed to Stable --- Comment #14 from Fridolin SOMERS <fridolin.somers@biblibre.com> --- Pushed to 17.05.x, is in 17.05.03 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19034 --- Comment #15 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- This patches have been pushed to 16.11.x and are in 16.11.11. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19034 Mason James <mtj@kohaaloha.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mtj@kohaaloha.com --- Comment #16 from Mason James <mtj@kohaaloha.com> --- Pushed to 16.05.x, for 16.05.16 release - thanks Amit :0) -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19034 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|enhancement |major -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org