Koha/koha-tmpl/intranet-tmpl/prog/en/modules/patron_lists
Amit Gupta 36ba8be88a Bug 19035 - Stored XSS in lists.pl
To Test
1. Hit the page /cgi-bin/koha/patron_lists/lists.pl
2. Click on new patron list
3. Add a text in the field Name that contains js
4. Save the page.
5. Notice js is executed
6. Apply patch and reload, the js is escaped

Fixed in both the pages list.pl and list.pl?patron_list_id=xx
xx is patronlist id

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
add-modify.tt Bug 15925 [Revised] Correct some markup issues with patron lists pages 2016-03-03 22:30:35 +00:00
list.tt Bug 19035 - Stored XSS in lists.pl 2017-08-29 12:00:37 -03:00
lists.tt Bug 19035 - Stored XSS in lists.pl 2017-08-29 12:00:37 -03:00