]> git.koha-community.org Git - koha.git/commit
Bug 19079 - XSS Flaws in Membership page
authorAmit Gupta <amit.gupta@informaticsglobal.com>
Fri, 11 Aug 2017 15:38:14 +0000 (21:08 +0530)
committerJonathan Druart <jonathan.druart@bugs.koha-community.org>
Tue, 29 Aug 2017 15:00:37 +0000 (12:00 -0300)
commitfbdfbc64f0301df4c69b3112f0512ff07e6a61ed
tree59f43680c43f161059828d82309c14a23c5ebe96
parent8c3da351307be664a879148ce4ca9215ca1c2da7
Bug 19079 - XSS Flaws in Membership page

1. Hit /cgi-bin/koha/members/moremember.pl?borrowernumber=xx<script>alert('amit')</script>.
   xx - is a borrowernumber
2. Notice the java script is executed.
4. Apply patch.
5. Reload page, and hit the page again /cgi-bin/koha/members/moremember.pl?borrowernumber=xx<script>alert('amit')</script>.
   xx - is a borrowernumber.
6. Notice it is no longer executed.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
members/moremember.pl