Koha/koha-tmpl/intranet-tmpl/prog/en/modules/acqui
Amit Gupta 3199cff639 Bug 19052 - XSS Flaws in vendor search page
1. Hit /cgi-bin/koha/acqui/booksellers.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> in the vendor search box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on vendor search box.
6. Notice it is no longer executed.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
csv Bug 18331: POST_CHOMP everywhere! 2017-08-15 12:17:41 -03:00
tables
acqui-home.tt
addorder.tt
addorderiso2709.tt
ajax.tt
basket.tt Bug 8612: Use CSV profile for exporting basket 2017-06-05 12:02:08 -03:00
basketgroup.tt
basketheader.tt
booksellers.tt Bug 19052 - XSS Flaws in vendor search page 2017-08-29 12:00:37 -03:00
cancelorder.tt
edi_ean.tt
edifactmsgs.tt
edimsg.tt
histsearch.tt
invoice-files.tt
invoice.tt Bug 11122: Follow up - Fix some display issues and typos 2017-06-05 11:48:16 -03:00
invoices.tt Bug 18830: Fix phrasing of screen message 2017-07-06 14:29:05 -03:00
lateorders.tt
modordernotes.tt
neworderbiblio.tt
neworderempty.tt
neworderempty_duplicate.tt
newordersubscription.tt
newordersuggestion.tt
ordered.tt
orderreceive.tt
parcel.tt Bug 18722: Fund name is not shown in received orders fund subtotals 2017-06-09 11:32:48 -03:00
parcels.tt
spent.tt
supplier.tt Bug 19118 - Due to wrong variable name passed vendor name is not coming in browser title bar 2017-08-25 12:12:25 -03:00
transferorder.tt Bug 11122: Follow up - Fix some display issues and typos 2017-06-05 11:48:16 -03:00
uncertainprice.tt Bug 11122: Follow up - Fix some display issues and typos 2017-06-05 11:48:16 -03:00
z3950_search.tt