Bug 19086 Stored XSS in supplier.pl
author Amit Gupta <amit.gupta@informaticsglobal.com>
Mon, 14 Aug 2017 21:03:59 +0000 (02:33 +0530)
committer Katrin Fischer <katrin.fischer.83@web.de>
Tue, 19 Sep 2017 20:58:43 +0000 (22:58 +0200)
commit b9e460f398f573b15daee4d7f9328d08d1418535
tree d4d1141c6fab390f440de434714819a84be14099
parent 8ae521da59d5376607c8a7d763a15177fa257444
Bug 19086 Stored XSS in supplier.pl

1. Hit the page /cgi-bin/koha/acqui/supplier.pl?op=enter
2. Add text in the fields company_postal, physical, company_fax,
   accountnumber, contactposition, contact_fax, contact_notes, notes that contains JavaScript
3. Save the page.
4. Notice the JS is executed
5. Apply the patch and reload; the JS is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 9d0bbf5fa7455e0eb64288652802b0836cf22690)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 46f91605a4044ebbf74f7014305078a1304afcd1)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
koha-tmpl/intranet-tmpl/prog/en/modules/acqui/supplier.tt
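The escaping the commit message describes, as an added illustration that is not Koha's own code: a Template Toolkit fragment (the engine behind supplier.tt) renders two of the fields named in the test plan once unfiltered and once through the `html` filter. The field values are constructed, and treating `| html` as the fix is an assumption, since the diff is not shown on this page.

```perl
#!/usr/bin/perl
# Added example (not from the Koha commit): shows why an unfiltered
# Template Toolkit variable is a stored XSS sink and how the html filter
# neutralises it. Field names follow the commit's test plan; treating
# "| html" as the fix is an assumption, since the diff is not shown here.
use strict;
use warnings;
use Template;

my $tt = Template->new() or die Template->error;

# Constructed supplier record: the kind of value the test plan stores.
my %supplier = (
    notes         => '<script>alert("stored xss")</script>',
    contact_notes => 'Call before 5pm & ask for "Sam"',
);

# Renders one field through a template string and returns the HTML.
sub render {
    my ( $template, $field ) = @_;
    my $html = '';
    $tt->process( \$template, { supplier => \%supplier, f => $field }, \$html )
        or die $tt->error;
    return $html;
}

my $unescaped = '[% supplier.$f %]';        # before: raw value reaches the page
my $escaped   = '[% supplier.$f | html %]'; # after: <, >, &, " become entities

for my $field ( sort keys %supplier ) {
    printf "%-14s before: %s\n", $field, render( $unescaped, $field );
    printf "%-14s after:  %s\n", $field, render( $escaped,   $field );
}
```

The second line of each pair is what a browser receives after the fix: markup characters arrive as entities, so the stored value is displayed rather than interpreted.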