[Koha-bugs] [Bug 19034] XSS Flaws in- Cities - Z39.50/ SRU servers administration - Patron categories pages

bugzilla-daemon at bugs.koha-community.org
Fri Aug 4 07:17:35 CEST 2017


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19034

--- Comment #1 from Amit Gupta <amitddng135 at gmail.com> ---
Created attachment 65485
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=65485&action=edit
Bug 19034 - XSS Flaws in Patron categories pages

1. Hit /cgi-bin/koha/admin/categories.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> in the search patron
categories box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload the page, and enter the iframe again in the search patron categories box.
6. Notice it is no longer executed.

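The test plan above checks that a reflected search term stops being interpreted as markup. As an added example (not Koha's code and not the attached patch), this Perl script renders the same input through Template Toolkit, the template engine Koha uses, with and without the built-in `html` filter. The template fragments, the `searchfield` variable name and the helper names are hypothetical.

```perl
#!/usr/bin/perl
# Added example, not Koha's code: a reflected search term rendered through
# Template Toolkit with and without output encoding.
# Requires the Template Toolkit distribution (module "Template") from CPAN.
use strict;
use warnings;
use Template;

# Search term taken from step 2 of the test plan.
my $searchfield = q{<IFRAME SRC="javascript:alert('XSS');"></IFRAME>};

# Hypothetical template fragments; "searchfield" is an assumed variable name.
my %templates = (
    unfiltered => q{<p>You searched for: [% searchfield %]</p>},
    filtered   => q{<p>You searched for: [% searchfield | html %]</p>},
);

my $tt = Template->new() or die Template->error();

# Render one named fragment with the search term as its only variable.
sub render {
    my ($name) = @_;
    my $out = '';
    $tt->process( \$templates{$name}, { searchfield => $searchfield }, \$out )
        or die $tt->error();
    return $out;
}

# The fragment itself contributes only <p> and </p>. Any other tag in the
# output came from the request parameter and would be parsed by the browser.
sub injected_tags {
    my ($html) = @_;
    my @tags = $html =~ /<\s*\/?\s*([a-z][a-z0-9]*)/gi;
    return grep { lc($_) ne 'p' } @tags;
}

for my $name (qw(unfiltered filtered)) {
    my $html = render($name);
    my @bad  = injected_tags($html);
    printf "%-10s injected tags: %s\n", $name, @bad ? join( ',', @bad ) : 'none';
    print "  $html\n";
}

# Caveat: the TT "html" filter encodes < > & and " but not the single quote,
# so a filtered value placed in an attribute needs a double-quoted attribute.
```

The same check can be pointed at a saved copy of the rendered page after applying a fix, by passing its HTML to `injected_tags` with the page's own tag names allowed.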