Koha/koha-tmpl/intranet-tmpl/prog/en/modules
Amit Gupta d4b588aca8 Bug 19110 - XSS Stored in branches.pl
To Test
1. Hit the page /cgi-bin/koha/admin/branches.pl?op=add_form_category
2. Add a text in the field Name and description that contains js.
3. Save the page.
4. Notice js is executed
5. Apply patch and reload, the js is escaped

Fixed for js escaped execute for both pages

1. /cgi-bin/koha/admin/branches.pl?op=delete_confirm&branchcode=xx
   xx is branchcode
2. /cgi-bin/koha/admin/branches.pl?op=add_form with Group(s):

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
..
acqui Bug 16069 - XSS issue in basket.pl page 2017-08-29 12:00:37 -03:00
admin Bug 19110 - XSS Stored in branches.pl 2017-08-29 12:00:37 -03:00
authorities Bug 18801 - Merging authorities has an invalid 'Default' type in the merge framework selector 2017-07-06 14:29:03 -03:00
basket Bug 12644 - Add subtitles to staff client cart 2017-08-15 12:17:45 -03:00
batch
catalogue Bug 18331: Fix CSV export (once and for all!) 2017-08-15 12:17:40 -03:00
cataloguing Bug 18277: Remove GetBiblionumberFromItemnumber - linkitem 2017-07-10 13:03:37 -03:00
circ Bug 18469: QA Follow-up 2017-08-15 12:17:43 -03:00
clubs Bug 18630: Translatability (Clubs): 'Cancel' is ambiguous and leads to mistakes 2017-06-15 15:56:00 -03:00
common
course_reserves Bug 18367 - Fix untranslatable string from Bug 18264 2017-07-13 16:42:03 -03:00
errors
help Bug 18817: Update links manually 2017-08-25 10:22:14 -03:00
installer
labels Bug 19050 - XSS Flaws in Quick spine label creator 2017-08-29 12:00:37 -03:00
members Bug 19100 - XSS Flaws in memberentry.pl 2017-08-29 12:00:37 -03:00
offline_circ
onboarding
patron_lists
patroncards Bug 18465: (followup) Fix issue with patron lists an do not use clone 2017-07-06 14:52:54 -03:00
plugins
reports Bug 19054 - XSS Flaws in Report - Top Most-circulated items 2017-08-29 12:00:37 -03:00
reserve
reviews
rotating_collections
serials
services
sms
suggestion Bug 18581 - Add standard edit and delete buttons to suggestions list 2017-08-25 10:59:04 -03:00
tags Bug 5471 - Quotes in tags fail 2017-08-10 13:20:31 -03:00
test
tools Bug 19105 - XSS Stored in holidays.pl 2017-08-29 12:00:37 -03:00
virtualshelves Bug 18980: Show distinction between shared and private lists in staff 2017-08-10 13:20:31 -03:00
about.tt Bug 19000: Fix typo in closing p tag for items 2017-07-28 11:14:26 -03:00
auth.tt
intranet-main.tt Bug 19041: (bug 17855 follow-up) Fix regression on bug 16058 2017-08-08 09:20:35 -03:00