]> git.koha-community.org Git - koha.git/commit
Bug 19086 Stored XSS in supplier.pl
authorAmit Gupta <amit.gupta@informaticsglobal.com>
Mon, 14 Aug 2017 21:03:59 +0000 (02:33 +0530)
committerMason James <mtj@kohaaloha.com>
Wed, 20 Sep 2017 03:02:38 +0000 (15:02 +1200)
commitc532e5f0abbe5a84834cfab99d021af03d499afb
tree0fb31058d0df0cb307933b49f1f6c54f4675d7c9
parent1deab6d87f13ced3da4dc29ef30978867a95145c
Bug 19086 Stored XSS in supplier.pl

1. Hit the page /cgi-bin/koha/acqui/supplier.pl?op=enter
2. Add a text in the field company_postal, physical, company_fax,
   accountnumber, contactposition, contact_fax, contact_notes, notes that contains java script
3. Save the page.
4. Notice js is execute
5. Apply patch and reload the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
koha-tmpl/intranet-tmpl/prog/en/modules/acqui/supplier.tt