Koha/koha-tmpl/intranet-tmpl/prog/en/modules/members
Amit Gupta feeab2b3a0 Bug 19614: Fix XSS in members/pay.pl
To Test
1. Hit the page /cgi-bin/koha/members/memberentry.pl
2. Add a text in the field firstname, surname that contains js
3. Save the page.
4. Click on fine tab
5. Notice js is executed
6. Apply patch and reload, the js is escaped

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-01-09 16:01:40 -03:00
tables
boraccount.tt Bug 19456: Make patron-title ability to be generated with or without html tags 2017-12-07 09:37:10 -03:00
deletemem.tt
discharge.tt
discharges.tt
files.tt Bug 19456: Make patron-title ability to be generated with or without html tags 2017-12-07 09:37:10 -03:00
holdshistory.tt Bug 19456: Make patron-title ability to be generated with or without html tags 2017-12-07 09:37:10 -03:00
housebound.tt Bug 19456: Make patron-title ability to be generated with or without html tags 2017-12-07 09:37:10 -03:00
mancredit.tt
maninvoice.tt Bug 17014: Simplify some code 2017-03-31 14:33:52 +00:00
member-flags.tt
member-password.tt Bug 18298: (QA followup) Use Koha.Preference on the template 2017-10-16 09:44:33 -03:00
member.tt Bug 19125: Fix Stored XSS in members.pl 2017-09-29 12:20:45 -03:00
memberentrygen.tt Bug 19857: Use BorrowerUnwantedField system preference for SMS provider selection 2017-12-22 13:15:38 -03:00
members-update.tt Bug 19400: Reminder to unset gone no address flag after patron makes a modification request 2017-10-27 16:05:51 -03:00
moremember-brief.tt Bug 19129 - Follow-up - Add changes to patron duplicate warning 2017-09-01 13:02:23 -03:00
moremember-print.tt Bug 17014 - Remove more event attributes from patron templates 2017-03-31 14:33:51 +00:00
moremember-receipt.tt Bug 17014 - Remove more event attributes from patron templates 2017-03-31 14:33:51 +00:00
moremember.tt Bug 19456: Make patron-title ability to be generated with or without html tags 2017-12-07 09:37:10 -03:00
nl-search.tt
notices.tt Bug 19456: Make patron-title ability to be generated with or without html tags 2017-12-07 09:37:10 -03:00
pay.tt Bug 19614: Fix XSS in members/pay.pl 2018-01-09 16:01:40 -03:00
paycollect.tt Bug 11210: Writeoff partial amounts 2017-12-11 14:30:42 -03:00
printfeercpt.tt Bug 17014 - Remove more event attributes from patron templates 2017-03-31 14:33:51 +00:00
printinvoice.tt Bug 17014 - Remove more event attributes from patron templates 2017-03-31 14:33:51 +00:00
purchase-suggestions.tt Bug 19456: Make patron-title ability to be generated with or without html tags 2017-12-07 09:37:10 -03:00
readingrec.tt Bug 19456: Make patron-title ability to be generated with or without html tags 2017-12-07 09:37:10 -03:00
routing-lists.tt Bug 19456: Make patron-title ability to be generated with or without html tags 2017-12-07 09:37:10 -03:00
statistics.tt Bug 19456: Make patron-title ability to be generated with or without html tags 2017-12-07 09:37:10 -03:00
update-child.tt