Bug 16069 - XSS issue in basket.pl page
author Amit Gupta <amit.gupta@informaticsglobal.com>
Sun, 20 Aug 2017 15:23:06 +0000 (20:53 +0530)
committer Mason James <mtj@kohaaloha.com>
Thu, 24 Aug 2017 06:02:32 +0000 (18:02 +1200)
commit 54be404e93b458504f88ab5a456d702d725438d4
tree 7c18d692d9fc1a610aed0e0c20573aec05e250be
parent 2489a7e7ffeb508fc79db1b4e6e76b7055bd8b69
Bug 16069 - XSS issue in basket.pl page

1. Hit /cgi-bin/koha/acqui/basket.pl?basketno=xx<script>alert('amit')</script>
   xx - is a basketno
2. Notice the JavaScript is executed.
3. Apply patch.
4. Reload page, and hit the page again /cgi-bin/koha/acqui/basket.pl?basketno==xx<script>alert('amit')</script>
   xx - is a basketno.
5. Notice it is no longer executed.

Fix for 16.11.x

Signed-off-by: Mason James <mtj@kohaaloha.com>
koha-tmpl/intranet-tmpl/prog/en/modules/acqui/basket.tt
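
The test plan above, reproduced offline as an added example (not code from this commit or from Koha): the same request value rendered through Template Toolkit with and without its `html` filter. The template fragments, the stand-in basket number `12` and the `valid_basketno` helper are assumptions made for illustration; the actual change to basket.tt is not shown on this page.

```perl
#!/usr/bin/perl
# Added illustration: constructed template fragments, not the contents of basket.tt.
use strict;
use warnings;
use Template;    # Template Toolkit, the engine behind .tt files

# Value from the test plan in the commit message ("12" stands in for xx).
my $basketno = q{12<script>alert('amit')</script>};

my $tt = Template->new() or die Template->error();

# Hypothetical fragments: the same variable emitted raw and through TT's html filter.
my %fragments = (
    unfiltered => q{<h1>Basket [% basketno %]</h1>},
    filtered   => q{<h1>Basket [% basketno | html %]</h1>},
);

# Render one fragment with the request value and return the resulting HTML.
sub render {
    my ($name) = @_;
    my $out = '';
    $tt->process( \$fragments{$name}, { basketno => $basketno }, \$out )
        or die $tt->error();
    return $out;
}

for my $name (qw(unfiltered filtered)) {
    my $html = render($name);
    my $state = $html =~ /<script\b/i
        ? 'script tag reaches the browser'
        : 'markup is inert text';
    printf "%-10s %s\n           => %s\n", $name, $html, $state;
}

# Defence in depth (assumption: basket numbers are numeric identifiers):
# reject anything else before it reaches the template at all.
sub valid_basketno { return defined $_[0] && $_[0] =~ /\A[0-9]+\z/ }

printf "valid_basketno(%s) = %s\n", $_, valid_basketno($_) ? 'yes' : 'no'
    for '12', $basketno;
```

The filtered fragment emits `&lt;script&gt;` in place of the tag, which corresponds to step 5 of the test plan.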