]> git.koha-community.org Git - koha.git/commit
projects / koha.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 46f9160) | patch
Bug 19086 Stored XSS in subscription-add.pl
authorAmit Gupta <amit.gupta@informaticsglobal.com>
Mon, 14 Aug 2017 21:14:11 +0000 (02:44 +0530)
committerFridolin Somers <fridolin.somers@biblibre.com>
Tue, 19 Sep 2017 12:59:31 +0000 (14:59 +0200)
commitc4a1eafb5bac265c936567807e94ab22d04a1094
tree583947a5393b102875ae487ccd2494a207068ed2tree | snapshot
parent46f91605a4044ebbf74f7014305078a1304afcd1commit | diff
Bug 19086 Stored XSS in subscription-add.pl

To Test
1. Hit the page /cgi-bin/koha/serials/subscription-add.pl
2. Add a text in the field Public note and Nonpublic note
   that contains js (Internalnotes, notes)
2. Save the page.
3. Notice js is execute
4. Apply patch and reload, the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit ebf781afc133508eddcb8dc8fb6d7429a72db99b)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
koha-tmpl/intranet-tmpl/prog/en/modules/serials/subscription-detail.tt diff | blob | history
Main Koha release repository