Koha/koha-tmpl/opac-tmpl/bootstrap/en
Chris Cormack 05a014b766 Bug 16587 - opac-sendbasket.pl is open to XSS
To test
1/ Hit a URL like
http://localhost:8080/cgi-bin/koha/opac-sendbasket.pl?email_add=%3Cscript%3Ealert(%27XSS%27)%3C%2Fscript%3Ezz%40zz&comment=tes&bib_list=3

Where bib_list is a valid basket number
2/ Notice you get a JavaScript alert showing
3/ Apply patch
4/ Notice the text is now escaped

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-05-25 22:14:33 +00:00
includes Bug 16315 - OPAC Shelfbrowser doesn't display the full title 2016-05-05 18:28:16 +00:00
modules Bug 16587 - opac-sendbasket.pl is open to XSS 2016-05-25 22:14:33 +00:00
xslt Bug 16343: 7XX XSLT subfields displaying out of order 2016-05-23 17:24:12 +00:00