]> git.koha-community.org Git - koha.git/commit
Bug 19086 Stored XSS in circulation.pl
authorChris Cormack <chris@bigballofwax.co.nz>
Fri, 11 Aug 2017 19:54:34 +0000 (19:54 +0000)
committerKatrin Fischer <katrin.fischer.83@web.de>
Tue, 19 Sep 2017 20:58:33 +0000 (22:58 +0200)
commit8ae521da59d5376607c8a7d763a15177fa257444
treed769c358e019b802f577fe0834028faaad7ef426
parentf17be038ebb4c5f05d402a2a93e70c78c306d373
Bug 19086 Stored XSS in circulation.pl

1/ To test add a message to a borrower that contains js
2/ hit /cgi-bin/koha/circ/circulation.pl?borrowernumber=[number]
  where number is the borrowernumber of the borrower you set the message
  for
3/ Notice js is execute
4/ Apply patch, reload, js is escaped

Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 80c93d3499b11f3574fbafe756f94c534b746d5a)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 0a53a9e7f35855405024d03bde01d49f560f99ee)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
koha-tmpl/intranet-tmpl/prog/en/modules/circ/circulation.tt