Amit Gupta 73a66ccaf4 Bug 19100 - XSS Flaws in memberentry.pl ... 1. Hit /cgi-bin/koha/members/memberentry.pl?op=add&guarantorid=xx<script>alert('amit')</script> xx - is a guarantorid 2. Notice the java script is executed. 3. Apply patch. 4. Reload page, and hit the page again /cgi-bin/koha/members/memberentry.pl?op=add&guarantorid=xx<script>alert('amit')</script> xx - is a guarantorid. 5. Notice it is no longer executed. NOTE: I had to test in Microsoft Edge, because Chrome was blocking XSS for me. Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>		2017-08-29 12:00:37 -03:00
..
intranet-tmpl	Bug 19100 - XSS Flaws in memberentry.pl	2017-08-29 12:00:37 -03:00
opac-tmpl	Bug 18726: Fix XSS at the OPAC - biblionumber	2017-08-29 12:00:37 -03:00
favicon.ico
index.html
intranet.html
opac.html