]> git.koha-community.org Git - koha.git/commit
Bug 19086 Stored XSS in subscription-add.pl
authorAmit Gupta <amit.gupta@informaticsglobal.com>
Mon, 14 Aug 2017 21:14:11 +0000 (02:44 +0530)
committerKatrin Fischer <katrin.fischer.83@web.de>
Tue, 19 Sep 2017 20:58:54 +0000 (22:58 +0200)
commit2aac25bb7a8d750d6f234b6f076682ae40158e7c
tree5797d01692e35987ad824813bb08985f39c62266
parentb9e460f398f573b15daee4d7f9328d08d1418535
Bug 19086 Stored XSS in subscription-add.pl

To Test
1. Hit the page /cgi-bin/koha/serials/subscription-add.pl
2. Add a text in the field Public note and Nonpublic note
   that contains js (Internalnotes, notes)
2. Save the page.
3. Notice js is execute
4. Apply patch and reload, the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit ebf781afc133508eddcb8dc8fb6d7429a72db99b)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit c4a1eafb5bac265c936567807e94ab22d04a1094)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
koha-tmpl/intranet-tmpl/prog/en/modules/serials/subscription-detail.tt