Bug 16069 - XSS issue in basket.pl page
author Amit Gupta <amit.gupta@informaticsglobal.com>
Sun, 20 Aug 2017 15:23:06 +0000 (20:53 +0530)
committer Katrin Fischer <katrin.fischer.83@web.de>
Sun, 20 Aug 2017 16:28:02 +0000 (18:28 +0200)
commit 42a00d26ef51cedb55a9bd957b36c33d8d337b08
tree 3ab90da64b305524743fb63f54f2d58f83f44f3f
parent 27891cbfe2160a8ed72df384490430d111e6c9e8
Bug 16069 - XSS issue in basket.pl page

1. Hit /cgi-bin/koha/acqui/basket.pl?basketno=xx<script>alert('amit')</script>
   xx - is a basketno
2. Notice the JavaScript is executed.
3. Apply patch.
4. Reload page, and hit the page again /cgi-bin/koha/acqui/basket.pl?basketno==xx<script>alert('amit')</script>
   xx - is a basketno.
5. Notice it is no longer executed.

Fix for 16.11.x
koha-tmpl/intranet-tmpl/prog/en/modules/acqui/basket.tt
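
The test plan above, written as an automated regression check. This is an added example, not code from the Koha commit: the two render functions are hypothetical stand-ins for a template that echoes `basketno` (the actual change to basket.tt is not shown on this page), and `12` is a constructed basket number standing in for `xx`.

```python
import html
from html.parser import HTMLParser
from typing import Optional

# Payload from the test plan; "12" is a constructed stand-in for the "xx" basket number.
PAYLOAD = "12<script>alert('amit')</script>"


class ScriptFinder(HTMLParser):
    """Counts <script> elements that an HTML parser treats as real markup."""

    def __init__(self):
        super().__init__()
        self.scripts = 0

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.scripts += 1


def count_scripts(page: str) -> int:
    finder = ScriptFinder()
    finder.feed(page)
    finder.close()
    return finder.scripts


def render_unescaped(basketno: str) -> str:
    # Hypothetical template that echoes the request parameter verbatim (steps 1-2).
    return f"<h1>Basket {basketno}</h1>"


def render_escaped(basketno: str) -> str:
    # Same hypothetical template with HTML output encoding on the echoed value (steps 4-5).
    return f"<h1>Basket {html.escape(basketno, quote=True)}</h1>"


def parse_basketno(raw: str) -> Optional[int]:
    # Defence in depth (assumption: basket numbers are plain integer ids).
    return int(raw) if raw.isascii() and raw.isdigit() else None


if __name__ == "__main__":
    print("unescaped:", count_scripts(render_unescaped(PAYLOAD)), "script element(s)")
    print("escaped:  ", count_scripts(render_escaped(PAYLOAD)), "script element(s)")
    print("validated:", parse_basketno(PAYLOAD), "/", parse_basketno("12"))
```

Parsing the response rather than searching it for the payload string avoids a false alarm when the payload is present only in its encoded, inert form.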