Koha/koha-tmpl/intranet-tmpl/prog/en/modules
Chris c08063d037 Bug 14423: XSS bug in auth_subfields_structure
1/ Hit a url like http://localhost:8081/cgi-bin/koha/admin/auth_subfields_structure.pl?op=add_form&authtypecode=%27%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E&tagfield=%22/%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E
2/ Notice a ton of alert boxes pop up
3/ Apply patch
4/ Reload url, no longer get any alerts
5/ Test functionality still works

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-06-23 10:12:03 -03:00
..
acqui Bug 14423: XSS bug in lateorders 2015-06-23 10:11:57 -03:00
admin Bug 14423: XSS bug in auth_subfields_structure 2015-06-23 10:12:03 -03:00
authorities Bug 8399: Display tab number on the mandatory field alert (authority) 2015-05-18 12:11:23 -03:00
basket Bug 14329: Useless copy/pasta from Template::Plugin::HtmlToText 2015-06-08 09:47:06 -03:00
batch
catalogue Bug 10172: Hide some uneeded stuffs on printing a record 2015-06-22 11:10:06 -03:00
cataloguing Bug 13904: Make unimarc_field_4XX displays usefull 200 subfield data 2015-06-19 11:35:57 -03:00
circ Bug 14356: Improvements to the 'Transfers to receive' page 2015-06-22 17:30:53 -03:00
common Bug 13941: [2/2] Fix <body> tags missing id/class 2015-04-24 09:47:38 -03:00
course_reserves Bug 13941: [2/2] Fix <body> tags missing id/class 2015-04-24 09:47:38 -03:00
errors Bug 10285: Remove links from the error pages 2015-04-20 09:57:54 -03:00
help Bug 14424: Tools Help Files for 3.20 2015-06-22 11:06:21 -03:00
installer Bug 14152: Re-check required dependencies during upgrade process 2015-05-18 12:12:33 -03:00
labels Bug 12160: Rename intranetuserjs with IntranetUserJS 2015-05-26 10:42:07 -03:00
members Bug 10866: Hide patron's history if intranetreadinghistory is set to not allow 2015-06-19 11:34:27 -03:00
offline_circ Bug 13941: [2/2] Fix <body> tags missing id/class 2015-04-24 09:47:38 -03:00
patron_lists Bug 13941: [2/2] Fix <body> tags missing id/class 2015-04-24 09:47:38 -03:00
patroncards Bug 13891: DataTables server-side processing - patron cards 2015-04-13 10:55:24 -03:00
plugins Bug 13941: [2/2] Fix <body> tags missing id/class 2015-04-24 09:47:38 -03:00
reports Bug 14029: Provide 'clear' link to empty reports search filters 2015-06-11 13:08:53 -03:00
reserve Bug 13887: Display the due date as a due date + sort on info 2015-05-04 11:24:07 -03:00
reviews
rotating_collections Bug 13941: [2/2] Fix <body> tags missing id/class 2015-04-24 09:47:38 -03:00
serials Bug 13662: Fix the serials.receive_serials permissions 2015-06-05 12:53:09 -03:00
services
sms
suggestion Bug 14074: Format 'suggested on' date in suggestion list correctly 2015-05-14 11:37:42 -03:00
tags
test Bug 13941: [2/2] Fix <body> tags missing id/class 2015-04-24 09:47:38 -03:00
tools Bug 13874: 'Rotating collections' are a circulation tool 2015-06-22 11:47:37 -03:00
virtualshelves Bug 14416: Stored XSS vulnerability - add biblio to shelf (intranet) 2015-06-22 11:00:09 -03:00
about.tt Bug 7143: Release team for 3.22 2015-05-27 12:44:15 -03:00
auth.tt Bug 13507: Add intranet support for CAS authentication 2015-04-08 12:04:26 -03:00
intranet-main.tt Bug 8007: Discharge - Glue 2015-04-30 12:33:53 -03:00