git.koha-community.org Git - koha.git/commit

]> git.koha-community.org Git - koha.git/commit

author	Chris Cormack <chris@bigballofwax.co.nz>
	Fri, 11 Aug 2017 19:36:43 +0000 (19:36 +0000)
committer	Jonathan Druart <jonathan.druart@bugs.koha-community.org>
	Fri, 29 Sep 2017 15:20:44 +0000 (12:20 -0300)
commit	c176b8ceefc8a4b964b8671c4d3198af053b59c8
tree	f04e3a6fade23f5f7c9588bb33b468ec3963249a	tree \| snapshot
parent	ae86b7ca9ea60bba47d3a999ff13d6140cdc5e1c	commit \| diff

Bug 19086: Fix Stored XSS in members/member.pl

To test
1/ hit /cgi-bin/koha/members/member.pl?&searchmember=<script>alert('XSS Payload')</script>
2/ Notice js is executed
3/ Apply patch, reload
4/ js is now escaped

Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

koha-tmpl/intranet-tmpl/prog/en/modules/members/member.tt

diff | blob | history

Main Koha release repository

RSS Atom