]> git.koha-community.org Git - koha.git/commit
Bug 19112 - Stored XSS in basketheader.pl page
authorAmit Gupta <amit.gupta@informaticsglobal.com>
Tue, 15 Aug 2017 14:21:48 +0000 (19:51 +0530)
committerKatrin Fischer <katrin.fischer.83@web.de>
Sun, 20 Aug 2017 13:36:47 +0000 (15:36 +0200)
commitfabd0f82c11521fcde8f699bf0fa7ead362ea5a7
tree3eb823b0010585ea510b463cf7ff172f11ec37ad
parenta2c6cd77d2b84caf4767826a89404dc1e90b473c
Bug 19112 - Stored XSS in basketheader.pl page

To Test

1. Hit the page /cgi-bin/koha/acqui/basketheader.pl?booksellerid=1&op=add_form
2. Add a text in the field Basket name, Internal note, Vendor note that contains java script
3. Save the page
4. Notice js is execute
5. Apply patch, reload, js is escaped.

Fixed XSS on pages basket.pl/basketheader.pl/bookseller.pl

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
koha-tmpl/intranet-tmpl/prog/en/modules/acqui/basket.tt
koha-tmpl/intranet-tmpl/prog/en/modules/acqui/basketheader.tt
koha-tmpl/intranet-tmpl/prog/en/modules/acqui/booksellers.tt