]> git.koha-community.org Git - koha.git/commit
Bug 19086 Stored XSS in subscription-add.pl
authorAmit Gupta <amit.gupta@informaticsglobal.com>
Mon, 14 Aug 2017 21:14:11 +0000 (02:44 +0530)
committerMason James <mtj@kohaaloha.com>
Wed, 20 Sep 2017 03:02:38 +0000 (15:02 +1200)
commit0eb03b0817561fc37c77bf551a09d816d41c4117
tree1d5d9d3175141d9c60d1362cb2bdce7238634b30
parentc532e5f0abbe5a84834cfab99d021af03d499afb
Bug 19086 Stored XSS in subscription-add.pl

To Test
1. Hit the page /cgi-bin/koha/serials/subscription-add.pl
2. Add a text in the field Public note and Nonpublic note
   that contains js (Internalnotes, notes)
2. Save the page.
3. Notice js is execute
4. Apply patch and reload, the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
koha-tmpl/intranet-tmpl/prog/en/modules/serials/subscription-detail.tt