git.koha-community.org Git - koha.git/commit

Bug 19112 - Stored XSS in basketheader.pl page

To Test

1. Hit the page /cgi-bin/koha/acqui/basketheader.pl?booksellerid=1&op=add_form
2. Add a text in the field Basket name, Internal note, Vendor note that contains java script
3. Save the page
4. Notice js is execute
5. Apply patch, reload, js is escaped.

Fixed XSS on pages basket.pl/basketheader.pl/bookseller.pl

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

author	Amit Gupta <amit.gupta@informaticsglobal.com>
	Tue, 15 Aug 2017 14:21:48 +0000 (19:51 +0530)
committer	Jonathan Druart <jonathan.druart@bugs.koha-community.org>
	Tue, 29 Aug 2017 15:00:37 +0000 (12:00 -0300)
commit	d31c635fe2cc6d0b715661d35a02723a48e42e2b
tree	77f96b1de3c8f3ad8c181fae351011ac453550f0	tree \| snapshot
parent	d4b588aca834a94ed9fa6b5af2f8b1c1cbed2667	commit \| diff

koha-tmpl/intranet-tmpl/prog/en/modules/acqui/basket.tt		diff \| blob \| history
koha-tmpl/intranet-tmpl/prog/en/modules/acqui/basketheader.tt		diff \| blob \| history
koha-tmpl/intranet-tmpl/prog/en/modules/acqui/booksellers.tt		diff \| blob \| history