Koha/members
Amit Gupta fbdfbc64f0 Bug 19079 - XSS Flaws in Membership page
1. Hit /cgi-bin/koha/members/moremember.pl?borrowernumber=xx<script>alert('amit')</script>.
   xx - is a borrowernumber
2. Notice the JavaScript is executed.
4. Apply patch.
5. Reload page, and hit the page again /cgi-bin/koha/members/moremember.pl?borrowernumber=xx<script>alert('amit')</script>.
   xx - is a borrowernumber.
6. Notice it is no longer executed.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
boraccount.pl Bug 19080: Handle non-existing patrons gratefully 2017-08-25 11:03:37 -03:00
default_messageprefs.pl Bug 9978: Replace license header with the correct license (GPLv3+) 2015-04-20 09:59:38 -03:00
deletemem.pl Bug 19080: Fix member vs borrowernumber in delmember 2017-08-25 11:03:37 -03:00
discharge.pl Bug 19080: Handle non-existing patrons gratefully 2017-08-25 11:03:37 -03:00
discharges.pl Bug 15548: Move new patron related code to Patron* 2016-03-03 14:38:26 -07:00
files.pl Bug 19080: Handle non-existing patrons gratefully 2017-08-25 11:03:37 -03:00
guarantor_search.pl Bug 15758: Koha::Libraries - Remove GetBranches 2016-09-08 14:36:03 +00:00
housebound.pl Bug 17829: Move GetMember to Koha::Patron 2017-07-10 13:14:19 -03:00
mancredit.pl Bug 19080: Handle non-existing patrons gratefully 2017-08-25 11:03:37 -03:00
maninvoice.pl Bug 19080: Handle non-existing patrons gratefully 2017-08-25 11:03:37 -03:00
member-flags.pl Bug 19080: Handle non-existing patrons gratefully 2017-08-25 11:03:37 -03:00
member-password.pl Bug 19080: Handle non-existing patrons gratefully 2017-08-25 11:03:37 -03:00
member.pl Bug 17829: Move GetMember to Koha::Patron 2017-07-10 13:14:19 -03:00
memberentry.pl Bug 19080: Handle non-existing patrons gratefully 2017-08-25 11:03:37 -03:00
members-home.pl Bug 15758: Koha::Libraries - Remove GetBranchesLoop 2016-09-08 14:36:02 +00:00
members-update-do.pl Bug 15758: Koha::Libraries - Ultimate duel for C4::Branch 2016-09-08 14:36:04 +00:00
members-update.pl Bug 13757: Better display for attr changes in members-update.pl 2017-03-24 18:45:17 +00:00
mod_debarment.pl Bug 18858: Prevent warn when deleting a borrower debarment 2017-07-13 18:23:29 -03:00
moremember.pl Bug 19079 - XSS Flaws in Membership page 2017-08-29 12:00:37 -03:00
nl-search.pl Bug 15407: Koha::Patron::Categories - replace C4::Category->all 2016-09-08 13:29:03 +00:00
notices.pl Bug 19080: Handle non-existing patrons gratefully 2017-08-25 11:03:37 -03:00
patronimage.pl Bug 17423 - patronimage.pl permission is too restrictive 2016-10-17 23:44:25 +00:00
pay.pl Bug 19080: Handle non-existing patrons gratefully 2017-08-25 11:03:37 -03:00
paycollect.pl Bug 19080: Handle non-existing patrons gratefully 2017-08-25 11:03:37 -03:00
print_overdues.pl Bug 12933: (QA followup) Rename GetOverdues to GetOverduesForPatron 2015-11-04 12:41:29 -03:00
printfeercpt.pl Bug 19080: Handle non-existing patrons gratefully 2017-08-25 11:03:37 -03:00
printinvoice.pl Bug 19080: Handle non-existing patrons gratefully 2017-08-25 11:03:37 -03:00
printslip.pl Bug 9978: Replace license header with the correct license (GPLv3+) 2015-04-20 09:59:38 -03:00
purchase-suggestions.pl Bug 19080: Handle non-existing patrons gratefully 2017-08-25 11:03:37 -03:00
readingrec.pl Bug 19080: Handle non-existing patrons gratefully 2017-08-25 11:03:37 -03:00
routing-lists.pl Bug 19080: Fix perlcritic in routing-lists.pl 2017-08-25 11:03:37 -03:00
setstatus.pl Bug 16911: Rename extend_subscription with renew_account 2016-09-09 09:45:32 +00:00
statistics.pl Bug 19080: Handle non-existing patrons gratefully 2017-08-25 11:03:37 -03:00
summary-print.pl Bug 19080: Handle non-existing patrons gratefully 2017-08-25 11:03:37 -03:00
update-child.pl Bug 19080: Handle non-existing patrons gratefully 2017-08-25 11:03:37 -03:00