[Koha-bugs] [Bug 19033] XSS Flaws in Currencies and exchange page

2017-11-28 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19033

Tomás Cohen Arazi  changed:

   What|Removed |Added

   Severity|enhancement |major

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 19033] XSS Flaws in Currencies and exchange page

2017-09-19 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19033

Mason James  changed:

   What|Removed |Added

 CC||m...@kohaaloha.com

--- Comment #7 from Mason James  ---
Pushed to 16.05.x, for 16.05.16 release - thanks Amit :0)



[Koha-bugs] [Bug 19033] XSS Flaws in Currencies and exchange page

2017-09-07 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19033

--- Comment #6 from Katrin Fischer  ---
This patch has been pushed to 16.11.x and is in 16.11.11.



[Koha-bugs] [Bug 19033] XSS Flaws in Currencies and exchange page

2017-09-05 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19033

Fridolin SOMERS  changed:

   What|Removed |Added

 Status|Pushed to Master|Pushed to Stable

--- Comment #5 from Fridolin SOMERS  ---
Pushed to 17.05.x, is in 17.05.03



[Koha-bugs] [Bug 19033] XSS Flaws in Currencies and exchange page

2017-08-29 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19033

Jonathan Druart  changed:

   What|Removed |Added

  Component|Koha|Architecture, internals, and plumbing
 Status|Passed QA   |Pushed to Master
Product|Koha security   |Koha
  Group|Koha security   |

--- Comment #4 from Jonathan Druart  ---
Pushed to master for 17.11, thanks to everybody involved!



[Koha-bugs] [Bug 19033] XSS Flaws in Currencies and exchange page

2017-08-03 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19033

Amit Gupta  changed:

   What|Removed |Added

 Status|NEW |Needs Signoff



[Koha-bugs] [Bug 19033] XSS Flaws in Currencies and exchange page

2017-08-03 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19033

--- Comment #2 from Amit Gupta  ---
Created attachment 65484
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=65484=edit
Bug 19033 - XSS Flaws in Currencies and exchange page

1. Hit /cgi-bin/koha/admin/currency.pl
2. Enter  search currencies box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on search currencies box.
6. Notice it is no longer executed.



[Koha-bugs] [Bug 19033] XSS Flaws in Currencies and exchange page

2017-08-03 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19033

Amit Gupta  changed:

   What|Removed |Added

 CC||amitddng...@gmail.com

--- Comment #1 from Amit Gupta  ---
Created attachment 65483
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=65483=edit
Screenshot XSS currencies page

XSS issue in the Currencies and exchange page



[Koha-bugs] [Bug 19033] XSS Flaws in Currencies and exchange page

2017-08-03 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19033

Amit Gupta  changed:

   What|Removed |Added

Product|Koha security   |Koha
  Component|Koha|System Administration
  Group|Koha security   |
 CC||gmcha...@gmail.com
 QA Contact||testo...@bugs.koha-community.org
Version|unspecified |master
