git.koha-community.org Git - koha.git/commit

]> git.koha-community.org Git - koha.git/commit

author	Amit Gupta <amit.gupta@informaticsglobal.com>
	Wed, 16 Aug 2017 12:26:17 +0000 (17:56 +0530)
committer	Mason James <mtj@kohaaloha.com>
	Wed, 20 Sep 2017 03:13:21 +0000 (15:13 +1200)
commit	4d7b768750685ea11554831f7ed7fcb6796b3f7b
tree	84f97c7274653588218c17344f5845cc60b15d16	tree \| snapshot
parent	c127306b540cc0ee7cda9f7b14cd2c9bb47b99a1	commit \| diff

Bug 19127 - Stored XSS in csv-profiles.pl

To Test
1. Hit the page /cgi-bin/koha/tools/csv-profiles.pl?op=add_form
2. Add a text in the field Profile name, Profile description
and Profile MARC fields that contains js
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Mason James <mtj@kohaaloha.com>

koha-tmpl/intranet-tmpl/prog/en/modules/tools/csv-profiles.tt

diff | blob | history

Main Koha release repository

RSS Atom