8534ca2780
Test 1. Hit the page /cgi-bin/koha/acqui/parcels.pl?booksellerid=xx xx is booksellerid 2. Add a text in the field Vendor invoice that contains java script 3. Save the page. 4. Notice js is execute 5. Apply patch and reload the js is escaped Fixed XSS for parcels.pl/parcel.pl/orderreceive.pl Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> |
||
|---|---|---|
| .. | ||
| csv | ||
| tables | ||
| acqui-home.tt | ||
| addorder.tt | ||
| addorderiso2709.tt | ||
| ajax.tt | ||
| basket.tt | ||
| basketgroup.tt | ||
| basketheader.tt | ||
| booksellers.tt | ||
| cancelorder.tt | ||
| edi_ean.tt | ||
| edifactmsgs.tt | ||
| edimsg.tt | ||
| histsearch.tt | ||
| invoice-files.tt | ||
| invoice.tt | ||
| invoices.tt | ||
| lateorders.tt | ||
| modordernotes.tt | ||
| neworderbiblio.tt | ||
| neworderempty.tt | ||
| neworderempty_duplicate.tt | ||
| newordersubscription.tt | ||
| newordersuggestion.tt | ||
| ordered.tt | ||
| orderreceive.tt | ||
| parcel.tt | ||
| parcels.tt | ||
| spent.tt | ||
| supplier.tt | ||
| transferorder.tt | ||
| uncertainprice.tt | ||
| z3950_search.tt | ||