git.koha-community.org Git - koha.git/commit
Bug 19086 XSS in members/member.pl
author Chris Cormack <chris@bigballofwax.co.nz>
Fri, 11 Aug 2017 19:36:43 +0000 (19:36 +0000)
committer Mason James <mtj@kohaaloha.com>
Wed, 20 Sep 2017 03:01:15 +0000 (15:01 +1200)
commit 683f9ec507276af1737d6fba4ba653a38557bf78
tree 015781f5f9280c38cb12e50de5a06c5f578f0f73
parent 8383e7546495a042f622826c95eee6274765b5d6
Bug 19086 XSS in members/member.pl

To test
1/ hit /cgi-bin/koha/members/member.pl?&searchmember=<script>alert('XSS Payload')</script>
2/ Notice js is executed
3/ Apply patch, reload
4/ js is now escaped

Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Mason James <mtj@kohaaloha.com>
koha-tmpl/intranet-tmpl/prog/en/modules/members/member.tt