git.koha-community.org Git - koha.git/commit
Bug 19127 - Stored XSS in csv-profiles.pl
author Amit Gupta <amit.gupta@informaticsglobal.com>
Wed, 16 Aug 2017 12:26:17 +0000 (17:56 +0530)
committer Mason James <mtj@kohaaloha.com>
Wed, 20 Sep 2017 03:13:21 +0000 (15:13 +1200)
commit 4d7b768750685ea11554831f7ed7fcb6796b3f7b
tree 84f97c7274653588218c17344f5845cc60b15d16
parent c127306b540cc0ee7cda9f7b14cd2c9bb47b99a1
Bug 19127 - Stored XSS in csv-profiles.pl

To Test
1. Hit the page /cgi-bin/koha/tools/csv-profiles.pl?op=add_form
2. Add a text in the field Profile name, Profile description
   and Profile MARC fields that contains js
3. Save the page.
4. Notice js is executed
5. Apply patch and reload, the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Mason James <mtj@kohaaloha.com>
koha-tmpl/intranet-tmpl/prog/en/modules/tools/csv-profiles.tt
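
An added example, not part of this commit or of Koha's code: a small lint that flags Template Toolkit output directives printed without an escaping filter, the class of defect the test plan above checks for in csv-profiles.tt. It assumes the escaping is done with TT's standard `html` filter (the diff is not shown on this page); the sample template and its variable names are constructed.

```python
import re

# Template Toolkit directive: [% ... %], with optional "-" chomp markers.
DIRECTIVE = re.compile(r"\[%-?\s*(.*?)\s*-?%\]", re.S)
# Directives that start with these keywords do not print a variable directly.
KEYWORDS = {"IF", "ELSIF", "ELSE", "UNLESS", "END", "FOREACH", "FOR", "WHILE",
            "SET", "DEFAULT", "CALL", "USE", "BLOCK", "INCLUDE", "PROCESS",
            "WRAPPER", "SWITCH", "CASE", "FILTER", "MACRO", "NEXT", "LAST"}
# Standard TT filters accepted as escaping (assumption: policy for this example).
ESCAPING_FILTERS = {"html", "uri", "url"}
# A filter is introduced by a single "|" or the FILTER keyword.
FILTER_NAME = re.compile(r"(?:(?<!\|)\|(?!\|)|\bFILTER\b)\s*(\w+)")
ASSIGNMENT = re.compile(r"(?<![=!<>])=(?!=)")

def unescaped_directives(template):
    """Return (line, directive) for each output directive with no escaping filter."""
    findings = []
    for m in DIRECTIVE.finditer(template):
        body = m.group(1)
        if not body or body.startswith("#"):
            continue  # empty directive or comment
        if body.split()[0] in KEYWORDS or ASSIGNMENT.search(body):
            continue  # control flow or assignment, nothing printed directly
        if ESCAPING_FILTERS.isdisjoint(FILTER_NAME.findall(body)):
            line = template.count("\n", 0, m.start()) + 1
            findings.append((line, body))
    return findings

# Constructed sample (hypothetical variable names), modelled on a profile form
# with name, description and MARC fields inputs.
SAMPLE = """\
[% IF csv_profile %]
<input type="text" name="profile" value="[% csv_profile.profile %]" />
<textarea name="description">[% csv_profile.description | html %]</textarea>
<textarea name="content">[% csv_profile.content %]</textarea>
[% END %]
"""

if __name__ == "__main__":
    for line, directive in unescaped_directives(SAMPLE):
        print(f"line {line}: [% {directive} %] is printed without an escaping filter")
```

A check like this can run over the template directory in CI so that a new unfiltered directive fails review before it reaches a page that renders stored input.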