git.koha-community.org Git - koha.git/commit
Bug 19079 - XSS Flaws in Membership page
author Amit Gupta <amit.gupta@informaticsglobal.com>
Fri, 11 Aug 2017 15:38:14 +0000 (21:08 +0530)
committer Mason James <mtj@kohaaloha.com>
Thu, 24 Aug 2017 05:58:27 +0000 (17:58 +1200)
commit 2489a7e7ffeb508fc79db1b4e6e76b7055bd8b69
tree adc5f25625a06f0bded0f0148e7785c4d9122e9e
parent 180865ff0f17d23406ff24e8f26274e292519c23
Bug 19079 - XSS Flaws in Membership page

1. Hit /cgi-bin/koha/members/moremember.pl?borrowernumber=xx<script>alert('amit')</script>.
   xx - is a borrowernumber
2. Notice the JavaScript is executed.
4. Apply patch.
5. Reload page, and hit the page again /cgi-bin/koha/members/moremember.pl?borrowernumber=xx<script>alert('amit')</script>.
   xx - is a borrowernumber.
6. Notice it is no longer executed.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Mason James <mtj@kohaaloha.com>
members/moremember.pl
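
The test plan above comes down to one rule for `borrowernumber`: accept only digits, and escape whatever is written back into the page. The following Perl example is added here to illustrate that rule; it is not the code of this commit, and the hidden-input markup, the function names and the sample id 42 are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Escape the five characters that are significant in HTML text and attributes.
sub escape_html {
    my ($text) = @_;
    my %entity = ( '&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
                   '"' => '&quot;', "'" => '&#39;' );
    $text =~ s/([&<>"'])/$entity{$1}/g;
    return $text;
}

# "Before" shape (hypothetical markup): the raw query value is
# interpolated into the page, so markup in the value becomes markup
# in the response.
sub render_unsafe {
    my ($borrowernumber) = @_;
    return "<input type=\"hidden\" name=\"borrowernumber\" value=\"$borrowernumber\" />";
}

# Hardened shape: accept ASCII digits only (\A and \z anchor the whole
# string), and still escape on output so the page stays safe if the
# validation is ever loosened.
sub render_safe {
    my ($borrowernumber) = @_;
    return unless defined $borrowernumber && $borrowernumber =~ /\A[0-9]+\z/;
    return '<input type="hidden" name="borrowernumber" value="'
         . escape_html($borrowernumber) . '" />';
}

# Constructed inputs: a plain id, and the test-plan value with 42
# standing in for xx.
for my $input ( '42', q{42<script>alert('amit')</script>} ) {
    my $safe = render_safe($input);
    print "input:    $input\n";
    print "unsafe:   ", render_unsafe($input), "\n";
    print "hardened: ",
        ( defined $safe ? $safe : '(rejected: not a borrowernumber)' ), "\n\n";
}
```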