Main Koha release repository https://koha-community.org
Amit Gupta fd44f2fed7 Bug 16069 - XSS issue in basket.pl page
1. Hit /cgi-bin/koha/acqui/basket.pl?basketno=xx<script>alert('amit')</script>
   xx - is a basketno
2. Notice the JavaScript is executed.
3. Apply patch.
4. Reload page, and hit the page again /cgi-bin/koha/acqui/basket.pl?basketno=xx<script>alert('amit')</script>
   xx - is a basketno.
5. Notice it is no longer executed.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
acqui Bug 19130: (followup) Controller scripts should preserve behaviour 2017-08-25 11:53:44 -03:00
admin Bug 18906: Display all funds the logged in user can use 2017-08-09 16:51:40 -03:00
api/v1 Bug 18763: Fix swagger/definitions.t 2017-06-14 14:36:28 -03:00
authorities
basket Bug 19040: Refactor GetMarcBiblio parameters 2017-08-25 10:23:42 -03:00
C4 Bug 19134: C4::SMS fails on long driver name 2017-08-25 10:51:24 -03:00
catalogue Bug 19040: Refactor GetMarcBiblio parameters 2017-08-25 10:23:42 -03:00
cataloguing Bug 19040: Refactor GetMarcBiblio parameters 2017-08-25 10:23:42 -03:00
circ Bug 19080: Handle non-existing patrons gratefully 2017-08-25 11:03:37 -03:00
clubs Bug 18632: Remove 'CGI::param called in list context' warnings 2017-05-28 22:25:22 -04:00
course_reserves Bug 18367 - (QA Followup) Only warn if doing a lookup and not having an item 2017-07-28 11:37:06 -03:00
debian Bug 18877: Add documentation on dbhost for koha-create help 2017-08-15 12:17:44 -03:00
docs Bug 7143: Add Patricio Marrone to history.txt 2017-03-31 13:45:33 +00:00
errors
etc Bug 18104 - allow SIP2 field AE (personal name ) to be customized 2017-07-06 14:52:54 -03:00
installer Bug 16892: DBRev 17.05.00.004 2017-08-25 10:58:55 -03:00
Koha Bug 19130: (followup) Add POD 2017-08-25 11:53:44 -03:00
koha-tmpl Bug 16069 - XSS issue in basket.pl page 2017-08-29 12:00:37 -03:00
labels Bug 18262: Koha::Biblio - Remove GetBiblioData - part 1 2017-07-14 12:22:23 -03:00
members Bug 19079 - XSS Flaws in Membership page 2017-08-29 12:00:37 -03:00
misc Bug 19040: Update 2 occurrences of GetMarcBiblio in 22_to_30 2017-08-25 10:51:24 -03:00
offline_circ Bug 17829: Move GetMember to Koha::Patron 2017-07-10 13:14:19 -03:00
opac Bug 16892: Address error checking in comment #47 2017-08-25 10:51:25 -03:00
OpenILS
patron_lists
patroncards Bug 17829: Move GetMember to Koha::Patron 2017-07-10 13:14:19 -03:00
plugins Bug 15879: Allow multiple plugin directories to be defined in koha-conf.xml 2017-01-11 14:03:00 +00:00
reports Bug 19061: [QA Follow-up] Wrong interpolation 2017-08-15 12:17:43 -03:00
reserve Bug 18262: Koha::Biblio - Remove GetBiblioData - part 1 2017-07-14 12:22:23 -03:00
reviews Bug 18262: Koha::Biblio - Remove GetBiblioData - part 1 2017-07-14 12:22:23 -03:00
rotating_collections
serials Bug 19130: (followup) Controller scripts should preserve behaviour 2017-08-25 11:53:44 -03:00
services
skel
sms
suggestion Bug 18839: Suggestion.pl spelling mistake 2017-07-13 16:42:04 -03:00
svc Bug 19040: Refactor GetMarcBiblio parameters 2017-08-25 10:23:42 -03:00
t Bug 19126: Fix Members.t with IndependentBranches set 2017-08-25 12:12:04 -03:00
tags Bug 19040: Refactor GetMarcBiblio parameters 2017-08-25 10:23:42 -03:00
test Bug 9819 - 'stopwords'-related code removed 2015-12-30 15:49:35 +00:00
tmp/modified_authorities
tools Bug 19080: Handle non-existing patrons gratefully 2017-08-25 11:03:37 -03:00
virtualshelves Bug 19040: Refactor GetMarcBiblio parameters 2017-08-25 10:23:42 -03:00
xt Bug 18292: Tests do not need to return 1 - xt 2017-08-15 12:17:43 -03:00
.editorconfig
.htaccess
.mailmap Update mailmap - Jonathan Druart 2017-06-21 12:42:19 -03:00
about.pl Bug 18931 - Follow up - Typo fix in SQL statement 2017-07-26 13:50:56 -03:00
changelanguage.pl
edithelp.pl
fix-perl-path.PL
help.pl
INSTALL
install-CPAN.pl
Koha.pm Bug 16892: DBRev 17.05.00.004 2017-08-25 10:58:55 -03:00
koha_perl_deps.pl
kohaversion.pl
LICENSE
mainpage.pl
Makefile.PL Bug 19067: Map clubs/ into INTRANET_CGI_DIR in Makefile.PL 2017-08-10 11:25:33 -03:00
MANIFEST.SKIP
README Bug 9440 - update Koha's LICENSE file from GPL2 to GPL3 2013-02-12 08:52:10 -05:00
README.md
README.robots
rewrite-config.PL

Koha is a free software integrated library system (ILS).

Koha is distributed under the GNU GPL version 3 or later.

Note: This is a synced mirror of the official Koha repo.

Note: Koha does not accept pull requests from git hosting sites.

Note: This project has its own bug tracker; to report a bug or submit a patch, visit http://bugs.koha-community.org.

For guidelines on submitting patches for Koha please visit https://wiki.koha-community.org/wiki/SubmitingAPatch

The developer's handbook can be found at https://wiki.koha-community.org/wiki/Developer_handbook

http://koha-community.org/
