Bug 19079 - XSS Flaws in Membership page
author Amit Gupta <amit.gupta@informaticsglobal.com>
Fri, 11 Aug 2017 15:38:14 +0000 (21:08 +0530)
committer Fridolin Somers <fridolin.somers@biblibre.com>
Wed, 23 Aug 2017 14:59:45 +0000 (16:59 +0200)
commit 44ccf758fe94bb105c57866411a5aba5cde5f610
tree 484d6c01539ea05dbab8f42d0ef32b50a8d9950b
parent 933f139b77cc3f75946317103848f957ebf057cc
Bug 19079 - XSS Flaws in Membership page

1. Hit /cgi-bin/koha/members/moremember.pl?borrowernumber=xx<script>alert('amit')</script>.
   xx - is a borrowernumber
2. Notice the JavaScript is executed.
4. Apply patch.
5. Reload page, and hit the page again /cgi-bin/koha/members/moremember.pl?borrowernumber=xx<script>alert('amit')</script>.
   xx - is a borrowernumber.
6. Notice it is no longer executed.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 4f48532c4f3bede64533af6415e507640e2ed6e0)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
members/moremember.pl