]> git.koha-community.org Git - koha.git/commit
Bug 19112 - Stored XSS in basketheader.pl page
authorAmit Gupta <amit.gupta@informaticsglobal.com>
Tue, 15 Aug 2017 14:21:48 +0000 (19:51 +0530)
committerMason James <mtj@kohaaloha.com>
Thu, 24 Aug 2017 06:05:20 +0000 (18:05 +1200)
commit944c4ffcb659487fb30c0b9bdb6ac50ce7a3dfe1
tree149320de89be8c157edb2ff7e4bb972ab2a8c7a4
parent347200ab659a4698e2b147b335650a8d455f7b5b
Bug 19112 - Stored XSS in basketheader.pl page

To Test

1. Hit the page /cgi-bin/koha/acqui/basketheader.pl?booksellerid=1&op=add_form
2. Add a text in the field Basket name, Internal note, Vendor note that contains java script
3. Save the page
4. Notice js is execute
5. Apply patch, reload, js is escaped.

Fixed XSS on pages basket.pl/basketheader.pl/bookseller.pl

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Mason James <mtj@kohaaloha.com>
koha-tmpl/intranet-tmpl/prog/en/modules/acqui/basket.tt
koha-tmpl/intranet-tmpl/prog/en/modules/acqui/basketheader.tt
koha-tmpl/intranet-tmpl/prog/en/modules/acqui/booksellers.tt