]> git.koha-community.org Git - koha.git/commit
Bug 19112 - Stored XSS in basketheader.pl page
authorAmit Gupta <amit.gupta@informaticsglobal.com>
Tue, 15 Aug 2017 14:21:48 +0000 (19:51 +0530)
committerJonathan Druart <jonathan.druart@bugs.koha-community.org>
Tue, 29 Aug 2017 15:00:37 +0000 (12:00 -0300)
commitd31c635fe2cc6d0b715661d35a02723a48e42e2b
tree77f96b1de3c8f3ad8c181fae351011ac453550f0
parentd4b588aca834a94ed9fa6b5af2f8b1c1cbed2667
Bug 19112 - Stored XSS in basketheader.pl page

To Test

1. Hit the page /cgi-bin/koha/acqui/basketheader.pl?booksellerid=1&op=add_form
2. Add a text in the field Basket name, Internal note, Vendor note that contains java script
3. Save the page
4. Notice js is execute
5. Apply patch, reload, js is escaped.

Fixed XSS on pages basket.pl/basketheader.pl/bookseller.pl

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
koha-tmpl/intranet-tmpl/prog/en/modules/acqui/basket.tt
koha-tmpl/intranet-tmpl/prog/en/modules/acqui/basketheader.tt
koha-tmpl/intranet-tmpl/prog/en/modules/acqui/booksellers.tt