6 Nov
2017
6 Nov
'17
10:32 a.m.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15814 Victor Grousset/tuxayo <victor.grousset@biblibre.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|normal |major --- Comment #2 from Victor Grousset/tuxayo <victor.grousset@biblibre.com> --- Still happens on master as of today. Also, as a consequence, it's vulnerable to XSS. Putting "<script>alert(123)</script>" in the description works. Idea to fix: escape in the template with replace() -- You are receiving this mail because: You are watching all bug changes.