Bug 16069 - XSS issue in basket.pl page
author Amit Gupta <amit.gupta@informaticsglobal.com>
Tue, 15 Aug 2017 17:28:02 +0000 (22:58 +0530)
committer Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Tue, 29 Aug 2017 15:00:37 +0000 (12:00 -0300)
commit fd44f2fed7415feb8605c94b7c533dcd48d27b15
tree 082b9c5c65b0a76f46c079105614a9fde20f7fa3
parent fbdfbc64f0301df4c69b3112f0512ff07e6a61ed
Bug 16069 - XSS issue in basket.pl page

1. Hit /cgi-bin/koha/acqui/basket.pl?basketno=xx<script>alert('amit')</script>
   xx - is a basketno
2. Notice the JavaScript is executed.
3. Apply patch.
4. Reload page, and hit the page again /cgi-bin/koha/acqui/basket.pl?basketno==xx<script>alert('amit')</script>
   xx - is a basketno.
5. Notice it is no longer executed.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
koha-tmpl/intranet-tmpl/prog/en/modules/acqui/basket.tt