Koha/koha-tmpl
Amit Gupta d4b588aca8 Bug 19110 - XSS Stored in branches.pl
To Test
1. Hit the page /cgi-bin/koha/admin/branches.pl?op=add_form_category
2. Add a text in the field Name and description that contains js.
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped

Fixed for js escaped execute for both pages

1. /cgi-bin/koha/admin/branches.pl?op=delete_confirm&branchcode=xx
   xx is branchcode
2. /cgi-bin/koha/admin/branches.pl?op=add_form with Group(s):

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
..
intranet-tmpl Bug 19110 - XSS Stored in branches.pl 2017-08-29 12:00:37 -03:00
opac-tmpl Bug 18726: Fix XSS at the OPAC - biblionumber 2017-08-29 12:00:37 -03:00
favicon.ico
index.html
intranet.html
opac.html