Koha/koha-tmpl/intranet-tmpl/prog/en
Amit Gupta d31c635fe2 Bug 19112 - Stored XSS in basketheader.pl page
To Test

1. Hit the page /cgi-bin/koha/acqui/basketheader.pl?booksellerid=1&op=add_form
2. Add a text in the fields Basket name, Internal note, Vendor note that contains JavaScript
3. Save the page
4. Notice js is executed
5. Apply patch, reload, js is escaped.

Fixed XSS on pages basket.pl/basketheader.pl/bookseller.pl

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
..
data Bug 17288: (follow-up) Fix marc21_field_007.xml 2017-08-25 10:59:03 -03:00
includes Bug 18447 - Datepicker only shows -10/+10 years 2017-08-25 11:38:46 -03:00
js
modules Bug 19112 - Stored XSS in basketheader.pl page 2017-08-29 12:00:37 -03:00
xslt Bug 15140 (QA Followup) lowercase the search index 2017-07-26 14:42:45 -03:00
columns.def Bug 17196: Remove occurrence of marcxml in columns.def 2017-01-13 13:49:30 +00:00