projects / koha-equinox.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ae86b7c) | patch
Bug 19086: Fix Stored XSS in members/member.pl
authorChris Cormack <chris@bigballofwax.co.nz>
Fri, 11 Aug 2017 19:36:43 +0000 (19:36 +0000)
committerJonathan Druart <jonathan.druart@bugs.koha-community.org>
Fri, 29 Sep 2017 15:20:44 +0000 (12:20 -0300)
commitc176b8ceefc8a4b964b8671c4d3198af053b59c8
treef04e3a6fade23f5f7c9588bb33b468ec3963249atree | snapshot
parentae86b7ca9ea60bba47d3a999ff13d6140cdc5e1ccommit | diff
Bug 19086: Fix Stored XSS in members/member.pl

To test
1/ hit /cgi-bin/koha/members/member.pl?&searchmember=<script>alert('XSS Payload')</script>
2/ Notice js is executed
3/ Apply patch, reload
4/ js is now escaped

Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
koha-tmpl/intranet-tmpl/prog/en/modules/members/member.tt diff | blob | history
Koha with Equinox developments in process and local tweaks