]> git.koha-community.org Git - koha.git/commit
Bug 19086: Fix Stored XSS in supplier.pl
authorAmit Gupta <amit.gupta@informaticsglobal.com>
Mon, 14 Aug 2017 21:03:59 +0000 (02:33 +0530)
committerJonathan Druart <jonathan.druart@bugs.koha-community.org>
Fri, 29 Sep 2017 15:20:45 +0000 (12:20 -0300)
commit6d22674da5062cc61b6bd8667f8fb5775f71b05a
treef9b5329217d4c4fbaf5baa84bd960398b6ddfcb5
parent50dcae4b504a4a54a830ae87848ba3fa5161ad57
Bug 19086: Fix Stored XSS in supplier.pl

1. Hit the page /cgi-bin/koha/acqui/supplier.pl?op=enter
2. Add a text in the field company_postal, physical, company_fax,
   accountnumber, contactposition, contact_fax, contact_notes, notes that contains java script
3. Save the page.
4. Notice js is execute
5. Apply patch and reload the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
koha-tmpl/intranet-tmpl/prog/en/modules/acqui/supplier.tt