group member search not sanitised

Reported by Melissa Draper on 2012-11-16
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mahara
High
Melissa Draper

Bug Description

Original report:

"if logged in and go to link

http://<wwwroot>/group/members.php?id=2&query=123'%22%3E%3Cscript%3Ealert(1)%3C/script%3Exss

then xss"

Melissa Draper (melissa) wrote :
Melissa Draper (melissa) wrote :
information type: Private Security → Public Security
Melissa Draper (melissa) on 2013-02-06
Changed in mahara:
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers