git.koha-community.org Git - koha.git/commit

]> git.koha-community.org Git - koha.git/commit

author	Amit Gupta <amit.gupta@informaticsglobal.com>
	Tue, 15 Aug 2017 15:28:34 +0000 (20:58 +0530)
committer	Mason James <mtj@kohaaloha.com>
	Thu, 24 Aug 2017 06:05:33 +0000 (18:05 +1200)
commit	c6252a3b2e29d04e3e31c006d3b853cfd9082b7a
tree	67afa56378607679970003158aecdf23d6ebecb4	tree \| snapshot
parent	944c4ffcb659487fb30c0b9bdb6ac50ce7a3dfe1	commit \| diff

Bug 19114 - Stored XSS in parcels.pl

Test
1. Hit the page /cgi-bin/koha/acqui/parcels.pl?booksellerid=xx
xx is booksellerid
2. Add a text in the field Vendor invoice that contains java script
3. Save the page.
4. Notice js is execute
5. Apply patch and reload the js is escaped

Fixed XSS for parcels.pl/parcel.pl/orderreceive.pl

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Mason James <mtj@kohaaloha.com>

koha-tmpl/intranet-tmpl/prog/en/modules/acqui/orderreceive.tt		diff \| blob \| history
koha-tmpl/intranet-tmpl/prog/en/modules/acqui/parcel.tt		diff \| blob \| history
koha-tmpl/intranet-tmpl/prog/en/modules/acqui/parcels.tt		diff \| blob \| history

Main Koha release repository

RSS Atom