projects / koha_ffzg / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 73a66cc) | patch
Bug 19110 - XSS Stored in branches.pl
authorAmit Gupta <amit.gupta@informaticsglobal.com>
Tue, 15 Aug 2017 09:30:55 +0000 (15:00 +0530)
committerJonathan Druart <jonathan.druart@bugs.koha-community.org>
Tue, 29 Aug 2017 15:00:37 +0000 (12:00 -0300)
commitd4b588aca834a94ed9fa6b5af2f8b1c1cbed2667
tree78eaa89d0c13851eb3f7497876a426eeab5ce206tree | snapshot
parent73a66ccaf47f8815bbe74326dbe24dba915456fbcommit | diff
Bug 19110 - XSS Stored in branches.pl

To Test
1. Hit the page /cgi-bin/koha/admin/branches.pl?op=add_form_category
2. Add a text in the field Name and description that contains js.
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped

Fixed for js escaped execute for both pages

1. /cgi-bin/koha/admin/branches.pl?op=delete_confirm&branchcode=xx
   xx is branchcode
2. /cgi-bin/koha/admin/branches.pl?op=add_form with Group(s):

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
koha-tmpl/intranet-tmpl/prog/en/modules/admin/branches.tt diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.