]> git.koha-community.org Git - koha.git/commit
projects / koha.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 42b3010) | patch
Bug 19086 XSS in members/member.pl
authorChris Cormack <chris@bigballofwax.co.nz>
Fri, 11 Aug 2017 19:36:43 +0000 (19:36 +0000)
committerKatrin Fischer <katrin.fischer.83@web.de>
Tue, 19 Sep 2017 20:58:22 +0000 (22:58 +0200)
commitf17be038ebb4c5f05d402a2a93e70c78c306d373
treec9b1113d19334e4e90b3000c7860240821f5c0adtree | snapshot
parent42b30105ffd2b6814873fad1cff5cd4d35c140eecommit | diff
Bug 19086 XSS in members/member.pl

To test
1/ hit /cgi-bin/koha/members/member.pl?&searchmember=<script>alert('XSS Payload')</script>
2/ Notice js is executed
3/ Apply patch, reload
4/ js is now escaped

Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 5ae18484b5a47e8a00ce8f1a0fd8b3db471947eb)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 44814081a72a995a91f7057d9158b18167c65dca)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
koha-tmpl/intranet-tmpl/prog/en/modules/members/member.tt diff | blob | history
Main Koha release repository