https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19611
Bug ID: 19611
Summary: XSS Flaws in supplier.pl
Change sponsored?: ---
Product: Koha
Version: master
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5 - low
Component: Acquisitions
Assignee: [hidden email]
Reporter: [hidden email]
QA Contact: [hidden email]

XSS Flaws in supplier.pl

--
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19611
Amit Gupta <[hidden email]> changed:

What              |Removed                      |Added
----------------------------------------------------------------------------
Assignee          |[hidden email]-community.org |[hidden email]
Status            |NEW                          |ASSIGNED
Change sponsored? |---                          |Sponsored
CC                |                             |amit.gupta@informaticsglobal.com, [hidden email], [hidden email]

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19611
Amit Gupta <[hidden email]> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC   |        |[hidden email]

--- Comment #1 from Amit Gupta <[hidden email]> ---
Created attachment 69099
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=69099&action=edit
Bug 19611 - XSS Flaws in supplier.pl

Test
1. Hit the page /cgi-bin/koha/acqui/supplier.pl?op=enter
2. Add a text in the field Name that contains JavaScript
3. Save the page.
4. Notice the JS is executed
5. Apply the patch and reload; the JS is escaped

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19611
Amit Gupta <[hidden email]> changed:

What   |Removed  |Added
----------------------------------------------------------------------------
Status |ASSIGNED |Needs Signoff

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19611
Jonathan Druart <[hidden email]> changed:

What       |Removed       |Added
----------------------------------------------------------------------------
Group      |Koha security |
Component  |Koha          |Architecture, internals, and plumbing
Product    |Koha security |Koha
Status     |Passed QA     |Pushed to Master
QA Contact |              |[hidden email]-community.org

--- Comment #9 from Jonathan Druart <[hidden email]> ---
Pushed to master for 18.05, thanks to everybody involved!

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19611
Jonathan Druart <[hidden email]> changed:

What     |Removed     |Added
----------------------------------------------------------------------------
Severity |enhancement |major

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19611
Jonathan Druart <[hidden email]> changed:

What   |Removed |Added
----------------------------------------------------------------------------
Blocks |        |14568