[Koha-bugs] [Bug 16476] CGI->param('foo') in list context allows XSS ( e.g. Javascript injection) in Koha