Koha/koha-tmpl/intranet-tmpl/prog/en/modules
Chris d87b8a5cf3 Bug 14423: Multiple XSS vulnerabilities in serials-search
To test:

1/ Hit a URL like http://localhost:8081/cgi-bin/koha/serials/serials-search.pl?bookseller_filter=%22%22%22%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E&searched=1&title_filter=
2/ Notice alert boxes
3/ Apply patch
4/ Reload, notice fixed

Repeat for
callnumber_filter
EAN_filter
ISSN_filter
publisher_filter
title_filter

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-06-23 10:12:26 -03:00
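The test plan above relies on the search filter values being reflected into the page unescaped. The following Perl script is an added example, not part of the Koha commit or the Koha code base: it URL-decodes the bookseller_filter payload from the test URL, renders it through a constructed input-field template once without escaping and once with the Template Toolkit "html" filter (the usual fix for this class of bug in TT templates; whether the actual patch did exactly this is not shown on this page), and reports whether a live script tag reaches the output. It assumes the Template and URI::Escape modules are installed, both of which Koha itself depends on. The markup is hypothetical and only mirrors a search form field.

```perl
#!/usr/bin/perl
# Added example (not Koha code): reproduces the reflected XSS pattern that the
# commit message's test URL exercises, and shows the Template Toolkit "html"
# filter as the usual fix. Assumes Template Toolkit and URI::Escape are installed.
use strict;
use warnings;
use Template;
use URI::Escape qw(uri_unescape);

# The bookseller_filter value from the test URL in the commit message, URL-decoded.
my $payload = uri_unescape(
    '%22%22%22%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E'
);

# Vulnerable pattern (hypothetical markup mirroring a search form field): the
# submitted filter is echoed back into a value attribute without escaping, so
# the leading quotes close the attribute and the <script> element becomes live.
my $vulnerable =
  '<input type="text" name="bookseller_filter" value="[% bookseller_filter %]" />';

# Hardened pattern: the same template with TT's "html" filter, which encodes
# & < > and " so the value can neither close the attribute nor open a tag.
my $hardened =
  '<input type="text" name="bookseller_filter" value="[% bookseller_filter | html %]" />';

# Render a template string with the given filter value and return the HTML.
sub render {
    my ( $template, $value ) = @_;
    my $tt = Template->new() or die Template->error();
    my $out = '';
    $tt->process( \$template, { bookseller_filter => $value }, \$out )
      or die $tt->error();
    return $out;
}

# Check used by the "notice alert boxes" / "notice fixed" steps, automated:
# a raw <script> tag in the response means the payload would execute.
sub is_exploitable {
    my ($html) = @_;
    return $html =~ /<script>/ ? 1 : 0;
}

for my $case ( [ vulnerable => $vulnerable ], [ hardened => $hardened ] ) {
    my ( $name, $tmpl ) = @$case;
    my $html = render( $tmpl, $payload );
    my $verdict = is_exploitable($html)
      ? 'script tag reaches the browser'
      : 'payload is inert text';
    print "$name: $verdict\n$html\n\n";
}
```

Repeating the loop over the other filter names from the commit message (callnumber_filter, EAN_filter, ISSN_filter, publisher_filter, title_filter) is a matter of changing the variable name in the template; the check itself is the same, and any parameter that is echoed back without the filter will show the script tag in the rendered output.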
acqui Bug 14423: XSS bug in lateorders 2015-06-23 10:11:57 -03:00
admin Bug 14423: XSS issues in marc_subfields_structure 2015-06-23 10:12:11 -03:00
authorities Bug 8399: Display tab number on the mandatory field alert (authority) 2015-05-18 12:11:23 -03:00
basket Bug 14329: Useless copy/pasta from Template::Plugin::HtmlToText 2015-06-08 09:47:06 -03:00
batch
catalogue Bug 14423: XSS bugs in catalogue search 2015-06-23 10:12:18 -03:00
cataloguing Bug 13904: Make unimarc_field_4XX display useful 200 subfield data 2015-06-19 11:35:57 -03:00
circ Bug 14356: Improvements to the 'Transfers to receive' page 2015-06-22 17:30:53 -03:00
common Bug 13941: [2/2] Fix <body> tags missing id/class 2015-04-24 09:47:38 -03:00
course_reserves Bug 13941: [2/2] Fix <body> tags missing id/class 2015-04-24 09:47:38 -03:00
errors
help Bug 14424: Tools Help Files for 3.20 2015-06-22 11:06:21 -03:00
installer Bug 14152: Re-check required dependencies during upgrade process 2015-05-18 12:12:33 -03:00
labels Bug 12160: Rename intranetuserjs with IntranetUserJS 2015-05-26 10:42:07 -03:00
members Bug 10866: Hide patron's history if intranetreadinghistory is set to not allow 2015-06-19 11:34:27 -03:00
offline_circ Bug 13941: [2/2] Fix <body> tags missing id/class 2015-04-24 09:47:38 -03:00
patron_lists Bug 13941: [2/2] Fix <body> tags missing id/class 2015-04-24 09:47:38 -03:00
patroncards
plugins Bug 13941: [2/2] Fix <body> tags missing id/class 2015-04-24 09:47:38 -03:00
reports Bug 14029: Provide 'clear' link to empty reports search filters 2015-06-11 13:08:53 -03:00
reserve Bug 13887: Display the due date as a due date + sort on info 2015-05-04 11:24:07 -03:00
reviews
rotating_collections Bug 13941: [2/2] Fix <body> tags missing id/class 2015-04-24 09:47:38 -03:00
serials Bug 14423: Multiple XSS vulnerabilities in serials-search 2015-06-23 10:12:26 -03:00
services
sms
suggestion Bug 14074: Format 'suggested on' date in suggestion list correctly 2015-05-14 11:37:42 -03:00
tags
test Bug 13941: [2/2] Fix <body> tags missing id/class 2015-04-24 09:47:38 -03:00
tools Bug 13874: 'Rotating collections' are a circulation tool 2015-06-22 11:47:37 -03:00
virtualshelves Bug 14416: Stored XSS vulnerability - add biblio to shelf (intranet) 2015-06-22 11:00:09 -03:00
about.tt Bug 7143: Release team for 3.22 2015-05-27 12:44:15 -03:00
auth.tt
intranet-main.tt Bug 8007: Discharge - Glue 2015-04-30 12:33:53 -03:00