[Koha-bugs] [Bug 19034] XSS Flaws in- Cities - Z39.50/ SRU servers administration - Patron categories pages

2017-11-28 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19034

Tomás Cohen Arazi  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|enhancement                 |major

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

2017-09-19 Thread bugzilla-daemon

Mason James  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |m...@kohaaloha.com

--- Comment #16 from Mason James  ---
Pushed to 16.05.x, for 16.05.16 release - thanks Amit :0)

2017-09-07 Thread bugzilla-daemon

--- Comment #15 from Katrin Fischer  ---
These patches have been pushed to 16.11.x and are in 16.11.11.

2017-09-05 Thread bugzilla-daemon

Fridolin SOMERS  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|Pushed to Master            |Pushed to Stable

--- Comment #14 from Fridolin SOMERS  ---
Pushed to 17.05.x, is in 17.05.03

2017-08-29 Thread bugzilla-daemon

Jonathan Druart  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Group|Koha security               |
            Product|Koha security               |Koha
          Component|Koha                        |Architecture, internals,
                   |                            |and plumbing
             Status|Passed QA                   |Pushed to Master

--- Comment #13 from Jonathan Druart ---
Pushed to master for 17.11, thanks to everybody involved!

2017-08-03 Thread bugzilla-daemon

--- Comment #3 from Amit Gupta  ---
Created attachment 65487
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=65487=edit
Bug 19034 - XSS Flaws in - Z39.50/SRU servers administration

1. Hit /cgi-bin/koha/admin/z3950servers.pl
2. Enter  search Z39.50/SRU servers box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on search Z39.50/SRU servers box.
6. Notice it is no longer executed.

2017-08-03 Thread bugzilla-daemon

Amit Gupta  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |Needs Signoff

2017-08-03 Thread bugzilla-daemon

--- Comment #2 from Amit Gupta  ---
Created attachment 65486
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=65486=edit
Bug 19034 - XSS Flaws in Cities

1. Hit /cgi-bin/koha/admin/cities.pl
2. Enter  search cities box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on search cities box.
6. Notice it is no longer executed.

2017-08-03 Thread bugzilla-daemon

--- Comment #1 from Amit Gupta  ---
Created attachment 65485
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=65485=edit
Bug 19034 - XSS Flaws in Patron categories pages

1. Hit /cgi-bin/koha/admin/categories.pl
2. Enter  search patron categories box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on search patron categories box.
6. Notice it is no longer executed.

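Added example, not part of the original messages or of the Koha patches: the three test plans above check that a term typed into an admin search box is no longer rendered as markup once the patch is applied. The Perl sketch below reproduces that before/after check with Template Toolkit's `html` filter; the template fragments, the `searchfield` variable name and the sample term are assumptions, and the actual patches may fix the pages differently.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Template;

# Constructed search term of the kind the test plans type into the search box.
my $term = '<iframe src="about:blank"></iframe>';

# Hypothetical template fragments (not Koha's own markup): the page echoes the
# submitted search term back to the user.
my %fragment = (
    unfiltered => 'You searched for [% searchfield %]',
    filtered   => 'You searched for [% searchfield | html %]',
);

my $tt = Template->new() or die Template->error();

# Render one fragment with the given search term and return the HTML.
sub render {
    my ($name, $value) = @_;
    my $out = '';
    $tt->process(\$fragment{$name}, { searchfield => $value }, \$out)
        or die $tt->error();
    return $out;
}

# True when the rendered HTML still contains a live iframe tag from the input,
# which is what step 3 of each test plan observes before the patch.
sub reflects_markup {
    my ($html) = @_;
    return $html =~ /<\s*iframe\b/i ? 1 : 0;
}

# Before/after comparison: the unfiltered fragment passes the tag through,
# the filtered one emits it as inert text (&lt;iframe ...).
for my $name (qw(unfiltered filtered)) {
    my $html = render($name, $term);
    printf "%-10s %s\n           reflects markup: %s\n",
        $name, $html, reflects_markup($html) ? 'yes' : 'no';
}
```

The same `reflects_markup` check can be pointed at the HTML returned by each of the three admin pages as a regression test after upgrading.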


2017-08-03 Thread bugzilla-daemon

Amit Gupta  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|koha-b...@lists.koha-commun |amitddng...@gmail.com
                   |ity.org                     |
