http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11322

            Bug ID: 11322
           Summary: Suggestion "notes" field should be sanitized or
                    escaped
 Change sponsored?: ---
           Product: Koha
           Version: master
          Hardware: All
                OS: All
            Status: NEW
          Severity: major
          Priority: P5 - low
         Component: Acquisitions
          Assignee: [email protected]
          Reporter: [email protected]
        QA Contact: [email protected]

It's possible for a patron to make a purchase suggestion from the OPAC with
HTML/JavaScript code within the Notes: field. Such injected JS code will be stored
in the database, and in certain circumstances (when managing suggestions in
acquisitions) it may subsequently get executed in the staff WWW browser.

Other suggestion fields may be affected as well, but the problem with 'notes'
is potentially more severe because it's a long field - a more elaborate "evil"
script will fit into it.

_______________________________________________
Koha-bugs mailing list
[email protected]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
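The stored-XSS flow the report describes, as an added example that is not Koha's own code: a note is accepted verbatim on the OPAC side, stored, and later rendered in the staff interface. Python is used here as a stand-in for Koha's Perl/Template Toolkit stack; the payloads, the function names and the in-memory "table" are constructed for illustration. The example also shows why the bug title's "sanitized or escaped" matters: stripping `<script>` on input misses event-handler payloads, whereas HTML-escaping every untrusted field at output time neutralizes both.

```python
import html
import re

# Constructed sample input: what a patron could type into the OPAC
# suggestion "Notes" field. Neither payload comes from the bug report.
PATRON_NOTE = "Please buy this! <script>alert(document.cookie)</script>"
BYPASS_NOTE = 'Great book <img src=x onerror="alert(document.cookie)">'


def submit_suggestion(title, note):
    """OPAC side: the suggestion is stored exactly as submitted (no escaping),
    which is the behaviour the report describes. Returns the stored row."""
    return {"title": title, "note": note}


def render_vulnerable(suggestion):
    """Staff side, vulnerable form: interpolates the stored note into the
    acquisitions page unchanged, so any markup in it becomes live HTML."""
    return "<tr><td>{title}</td><td>{note}</td></tr>".format(**suggestion)


def render_escaped(suggestion):
    """Staff side, hardened form: every patron-controlled field is HTML-escaped
    at output time. quote=True also escapes quotes, so the value is safe inside
    double-quoted attributes as well as in element text."""
    return "<tr><td>{}</td><td>{}</td></tr>".format(
        html.escape(suggestion["title"], quote=True),
        html.escape(suggestion["note"], quote=True),
    )


def strip_script_tags(text):
    """A naive input-side 'sanitizer' that only removes <script> elements.
    Shown here as the insufficient alternative: it leaves event handlers intact."""
    return re.sub(r"(?is)<script\b.*?</script>", "", text)


def contains_active_html(fragment):
    """Rough detection check over a rendered fragment: a literal <script> tag,
    or a real tag carrying an on*= event attribute. Escaped output has no
    literal '<' from the note, so it never matches."""
    return re.search(r"(?i)<script\b|<[a-z]+[^>]*\bon[a-z]+\s*=", fragment) is not None


if __name__ == "__main__":
    row = submit_suggestion("Some book", PATRON_NOTE)
    print("vulnerable:", render_vulnerable(row), contains_active_html(render_vulnerable(row)))
    print("escaped:   ", render_escaped(row), contains_active_html(render_escaped(row)))
    bypass = submit_suggestion("Other book", strip_script_tags(BYPASS_NOTE))
    print("stripped but still active:", contains_active_html(render_vulnerable(bypass)))
```

The point of the third function is that sanitizing on the way in is a denylist and will be bypassed; the reliable fix is escaping on the way out, once per output context. In a Template Toolkit template the equivalent of `html.escape` is the `html` filter applied to each field.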