projects / koha.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c532e5f) | patch
Bug 19086 Stored XSS in subscription-add.pl
authorAmit Gupta <amit.gupta@informaticsglobal.com>
Mon, 14 Aug 2017 21:14:11 +0000 (02:44 +0530)
committerMason James <mtj@kohaaloha.com>
Wed, 20 Sep 2017 03:02:38 +0000 (15:02 +1200)
commit0eb03b0817561fc37c77bf551a09d816d41c4117
tree1d5d9d3175141d9c60d1362cb2bdce7238634b30tree | snapshot
parentc532e5f0abbe5a84834cfab99d021af03d499afbcommit | diff
Bug 19086 Stored XSS in subscription-add.pl

To Test
1. Hit the page /cgi-bin/koha/serials/subscription-add.pl
2. Add a text in the field Public note and Nonpublic note
   that contains js (Internalnotes, notes)
2. Save the page.
3. Notice js is execute
4. Apply patch and reload, the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
koha-tmpl/intranet-tmpl/prog/en/modules/serials/subscription-detail.tt diff | blob | history
Main Koha release repository