search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
(parent: 26864e9) | patch
Bug 19319: Reflected XSS Vulnerability in opac-MARCdetail.pl
commit950fc8e101886821879066b33e389a47fb0a9782
authorKyle M Hall <kyle@bywatersolutions.com>
Thu, 14 Sep 2017 15:52:08 +0000 (14 11:52 -0400)
committerJonathan Druart <jonathan.druart@bugs.koha-community.org>
Tue, 9 Jan 2018 19:02:25 +0000 (9 16:02 -0300)
tree4602b604aa83d5a73cda779a69c368657fe1e79atree | snapshot (tar.gz zip)
parent26864e9f6f129c16959f680b7fa08468a8ad652dcommit | diff
Bug 19319: Reflected XSS Vulnerability in opac-MARCdetail.pl

Try going to this URL on your site: /cgi-bin/koha/opac-MARCdetail.pl?biblionumber=2"><TEST>

Test Plan:
1) Go to /cgi-bin/koha/opac-MARCdetail.pl?biblionumber=2"><TEST>
2) Note <TEST> is embedded all over the html
3) Apply this patch
4) Refresh the page, note the injection is gone!
5) run koha qa test tools

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
koha-tmpl/opac-tmpl/bootstrap/en/includes/opac-detail-sidebar.inc diff | blob | blame | history
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-ISBDdetail.tt diff | blob | blame | history
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-MARCdetail.tt diff | blob | blame | history
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-detail.tt diff | blob | blame | history
opac/opac-ISBDdetail.pl diff | blob | blame | history
opac/opac-MARCdetail.pl diff | blob | blame | history
opac/opac-detail.pl diff | blob | blame | history
Koha ILS