git.koha-community.org Git - koha.git/commit
Bug 36382: XSS in showLastPatron dropdown
author Kyle M Hall <kyle@bywatersolutions.com>
Thu, 21 Mar 2024 13:30:26 +0000 (09:30 -0400)
committer Tomas Cohen Arazi <tomascohen@theke.io>
Tue, 14 May 2024 18:04:33 +0000 (15:04 -0300)
commit a1045024372ceb2f149ca2c15f138f0542fc0b8c
tree e561db1862585f8375b221e42462644b57e6411d
parent 2884226fe27cd3e4d5f4a070405c047183fed881
Bug 36382: XSS in showLastPatron dropdown

1) Set borrower surname to:
    <script>alert("here comes trouble");</script>
2) Save, nothing happens
3) Enable showLastPatron
4) Reload patron
5) Note the alert popup
6) Apply this patch
7) Reload patron
8) No alert!

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
koha-tmpl/intranet-tmpl/prog/js/staff-global.js
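
The test plan above describes a stored patron surname being interpreted as markup once the showLastPatron link is rendered. The following is an added illustration of that bug class and its fix, not the code from staff-global.js or from this patch; the function names, the `/patron?id=` URL and the sample record are assumptions made for the example.

```javascript
// Added illustration, not Koha's code. All names below are hypothetical.

// Characters that are significant in HTML text and in quoted attribute values.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before" pattern: patron fields are concatenated into markup unchanged,
// so a surname containing tags becomes part of the page structure.
function lastPatronLinkUnsafe(patron) {
  return '<a href="/patron?id=' + patron.id + '" title="' + patron.surname + '">' +
    patron.surname + " (" + patron.cardnumber + ")</a>";
}

// "After" pattern: every patron-controlled value is encoded for the context
// it lands in (URL component for the query string, HTML for text/attributes).
function lastPatronLinkSafe(patron) {
  const href = "/patron?id=" + encodeURIComponent(patron.id);
  const name = escapeHtml(patron.surname);
  const card = escapeHtml(patron.cardnumber);
  return `<a href="${escapeHtml(href)}" title="${name}">${name} (${card})</a>`;
}

// True if the rendered string would introduce a live <script> element.
function hasLiveScriptTag(html) {
  return /<\s*script\b/i.test(html);
}

// Constructed sample record; the surname is the one from step 1 of the test plan.
const samplePatron = {
  id: "51",
  surname: '<script>alert("here comes trouble");</script>',
  cardnumber: "23529000035676",
};

console.log("unsafe:", lastPatronLinkUnsafe(samplePatron));
console.log("safe:  ", lastPatronLinkSafe(samplePatron));
```

When the link is built through the DOM rather than as a string, assigning the name with `textContent` (or jQuery's `.text()`) gives the same result without manual escaping.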