]> git.koha-community.org Git - koha.git/commit
Bug 19086: Fix Stored XSS in members/member.pl
authorChris Cormack <chris@bigballofwax.co.nz>
Fri, 11 Aug 2017 19:36:43 +0000 (19:36 +0000)
committerJonathan Druart <jonathan.druart@bugs.koha-community.org>
Fri, 29 Sep 2017 15:20:44 +0000 (12:20 -0300)
commitc176b8ceefc8a4b964b8671c4d3198af053b59c8
treef04e3a6fade23f5f7c9588bb33b468ec3963249a
parentae86b7ca9ea60bba47d3a999ff13d6140cdc5e1c
Bug 19086: Fix Stored XSS in members/member.pl

To test
1/ hit /cgi-bin/koha/members/member.pl?&searchmember=<script>alert('XSS Payload')</script>
2/ Notice js is executed
3/ Apply patch, reload
4/ js is now escaped

Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
koha-tmpl/intranet-tmpl/prog/en/modules/members/member.tt