projects / koha.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a5489d9) | patch
Bug 14423: Multiple XSS vulnerabilities in serials-search
authorChris <chris@bigballofwax.co.nz>
Sun, 21 Jun 2015 09:20:51 +0000 (09:20 +0000)
committerTomas Cohen Arazi <tomascohen@theke.io>
Tue, 23 Jun 2015 13:12:26 +0000 (10:12 -0300)
commitd87b8a5cf3458492c67c424b3f811ac0085599f0
tree4f47d65277683db34967d8198df4e4a293b9321dtree | snapshot
parenta5489d993615996e1e125e945870dce92c7d1c10commit | diff
Bug 14423: Multiple XSS vulnerabilities in serials-search

To test

1/ Hit a url like http://localhost:8081/cgi-bin/koha/serials/serials-search.pl?bookseller_filter=%22%22%22%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E&searched=1&title_filter=
2/ Notice alert boxes
3/ Apply patch
4/ Reload, notice fixed

Repeat for
callnumber_filter
EAN_filter
ISSN_filter
publisher_filter
title_filter

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
koha-tmpl/intranet-tmpl/prog/en/modules/serials/serials-search.tt diff | blob | history
Main Koha release repository