]> git.koha-community.org Git - koha.git/commit
Bug 19086 Stored XSS in supplier.pl
authorAmit Gupta <amit.gupta@informaticsglobal.com>
Mon, 14 Aug 2017 21:03:59 +0000 (02:33 +0530)
committerKatrin Fischer <katrin.fischer.83@web.de>
Tue, 19 Sep 2017 20:58:43 +0000 (22:58 +0200)
commitb9e460f398f573b15daee4d7f9328d08d1418535
treed4d1141c6fab390f440de434714819a84be14099
parent8ae521da59d5376607c8a7d763a15177fa257444
Bug 19086 Stored XSS in supplier.pl

1. Hit the page /cgi-bin/koha/acqui/supplier.pl?op=enter
2. Add a text in the field company_postal, physical, company_fax,
   accountnumber, contactposition, contact_fax, contact_notes, notes that contains java script
3. Save the page.
4. Notice js is execute
5. Apply patch and reload the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 9d0bbf5fa7455e0eb64288652802b0836cf22690)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 46f91605a4044ebbf74f7014305078a1304afcd1)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
koha-tmpl/intranet-tmpl/prog/en/modules/acqui/supplier.tt