Koha/koha-tmpl/intranet-tmpl/prog/en/modules
Amit Gupta ee3bfd5d69 Bug 19078 - XSS Flaws in System preferences
1. Hit /cgi-bin/koha/admin/preferences.pl
2. Enter <script>alert('amit')</script> in search system preferences box.
3. Notice the JavaScript is executed.
4. Apply patch.
5. Reload page, and enter <script>alert('amit')</script> in search system preferences box.
6. Notice it is no longer executed.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
acqui Bug 19118 - Due to wrong variable name passed vendor name is not coming in browser title bar 2017-08-25 12:12:25 -03:00
admin Bug 19078 - XSS Flaws in System preferences 2017-08-29 12:00:37 -03:00
authorities Bug 18801 - Merging authorities has an invalid 'Default' type in the merge framework selector 2017-07-06 14:29:03 -03:00
basket Bug 12644 - Add subtitles to staff client cart 2017-08-15 12:17:45 -03:00
batch
catalogue Bug 18331: Fix CSV export (once and for all!) 2017-08-15 12:17:40 -03:00
cataloguing Bug 18277: Remove GetBiblionumberFromItemnumber - linkitem 2017-07-10 13:03:37 -03:00
circ Bug 18469: QA Follow-up 2017-08-15 12:17:43 -03:00
clubs Bug 18630: Translatability (Clubs): 'Cancel' is ambiguous and leads to mistakes 2017-06-15 15:56:00 -03:00
common Bug 13835: Popup with searches: results hidden by language menu in footer 2017-04-28 08:35:30 -04:00
course_reserves Bug 18367 - Fix untranslatable string from Bug 18264 2017-07-13 16:42:03 -03:00
errors
help Bug 18817: Update links manually 2017-08-25 10:22:14 -03:00
installer Bug 17942 [Follow-up] Update style of the web installer with Bootstrap 3 2017-05-09 20:54:31 +00:00
labels Bug 16239: Update templates 2017-01-13 14:41:22 +00:00
members Bug 19080: Handle non-existing patrons gratefully 2017-08-25 11:03:37 -03:00
offline_circ
onboarding Bug 18702: Translatability: Get rid of exposed if statement in tt for translated onboardingstep2.tt 2017-06-05 16:35:23 -03:00
patron_lists Bug 16239: Update templates 2017-01-13 14:41:22 +00:00
patroncards Bug 18465: (followup) Fix issue with patron lists an do not use clone 2017-07-06 14:52:54 -03:00
plugins Bug 18430 - Plugins page should have a link to viewing other types 2017-06-05 11:59:26 -03:00
reports Bug 18919: Repair "Transaction branch" in cash_register_stats.pl 2017-08-15 12:17:45 -03:00
reserve Bug 18534 - When IndependentBranches is enabled the pickup location displayed incorrectly on request.pl 2017-05-19 10:33:19 -04:00
reviews Bug 16239: Update templates 2017-01-13 14:41:22 +00:00
rotating_collections Bug 16239: Update templates 2017-01-13 14:41:22 +00:00
serials Bug 13747: Fix problems with frequency descriptions containing quotes 2017-06-05 16:34:26 -03:00
services
sms
suggestion Bug 18581 - Add standard edit and delete buttons to suggestions list 2017-08-25 10:59:04 -03:00
tags Bug 5471 - Quotes in tags fail 2017-08-10 13:20:31 -03:00
test
tools Bug 19049 [QA Followup] - Make plugin name first item in description 2017-08-15 12:17:42 -03:00
virtualshelves Bug 18980: Show distinction between shared and private lists in staff 2017-08-10 13:20:31 -03:00
about.tt Bug 19000: Fix typo in closing p tag for items 2017-07-28 11:14:26 -03:00
auth.tt Bug 18314 (QA Followup) Use OpacBaseURL for password reset link 2017-05-12 10:59:10 -04:00
intranet-main.tt Bug 19041: (bug 17855 follow-up) Fix regression on bug 16058 2017-08-08 09:20:35 -03:00