projects / koha.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 44ccf75) | patch
Bug 16069 - XSS issue in basket.pl page
authorAmit Gupta <amit.gupta@informaticsglobal.com>
Tue, 15 Aug 2017 17:28:02 +0000 (22:58 +0530)
committerFridolin Somers <fridolin.somers@biblibre.com>
Wed, 23 Aug 2017 14:59:54 +0000 (16:59 +0200)
commit5e5cd8025301bb6efc2031f9e6f8a48a768a0dc8
tree72b6017d9a570a20b0819805da2e500065ea80f7tree | snapshot
parent44ccf758fe94bb105c57866411a5aba5cde5f610commit | diff
Bug 16069 - XSS issue in basket.pl page

1. Hit /cgi-bin/koha/acqui/basket.pl?basketno=xx<script>alert('amit')</script>
   xx - is a basketno
2. Notice the java script is executed.
3. Apply patch.
4. Reload page, and hit the page again /cgi-bin/koha/acqui/basket.pl?basketno==xx<script>alert('amit')</script>
   xx - is a basketno.
5. Notice it is no longer executed.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 91711087e93e5da6265bac329791e45afb7d354f)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
koha-tmpl/intranet-tmpl/prog/en/modules/acqui/basket.tt diff | blob | history
Main Koha release repository