mahara-contributors team mailing list archive

[Bug 1079498] Re: group member search not sanitised

 

Disclosure: https://mahara.org/interaction/forum/topic.php?id=5076

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/1079498

Title:
  group member search not sanitised

Status in Mahara ePortfolio:
  Confirmed

Bug description:
  Original report:

  "if logged in and go to link

  http://<wwwroot>/group/members.php?id=2&query=123'%22%3E%3Cscript%3Ealert(1)%3C/script%3Exss

  then xss"

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1079498/+subscriptions
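
The reported query value, run through an unencoded and an encoded output path, as an added example that is not part of the original notification and is not Mahara's code. It assumes the search term is echoed back into a double-quoted `value` attribute of the search form (the report does not say where the value is reflected); `render_unsafe()`, `render_safe()` and `inspect()` are hypothetical names, and the script needs PHP's DOM extension.

```php
<?php
// Added illustration, not Mahara code. render_unsafe(), render_safe() and
// inspect() are hypothetical names; the attribute context is an assumption.

// Query value exactly as it appears in the reported URL, URL-decoded the
// way the server receives it.
$query = rawurldecode("123'%22%3E%3Cscript%3Ealert(1)%3C/script%3Exss");

// Unsafe: raw value concatenated into a double-quoted attribute.
function render_unsafe(string $q): string {
    return '<input type="text" name="query" value="' . $q . '">';
}

// Safe: encode for HTML at the point of output. ENT_QUOTES encodes both
// ' and ", so the result holds for either attribute quoting style.
function render_safe(string $q): string {
    $enc = htmlspecialchars($q, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="query" value="' . $enc . '">';
}

// Parse the markup with PHP's DOM extension and report what it became.
function inspect(string $html): array {
    $doc = new DOMDocument();
    $prev = libxml_use_internal_errors(true); // unsafe output is malformed HTML
    $doc->loadHTML($html);
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    $input = $doc->getElementsByTagName('input')->item(0);
    return [
        'script_elements' => $doc->getElementsByTagName('script')->length,
        'input_value'     => $input ? $input->getAttribute('value') : null,
    ];
}

foreach (['unsafe' => render_unsafe($query), 'safe' => render_safe($query)] as $name => $html) {
    $r = inspect($html);
    printf("%-6s script elements: %d, value round-trips: %s\n",
        $name, $r['script_elements'],
        $r['input_value'] === $query ? 'yes' : 'no');
}

// Regression guard: encoded output must yield no <script> and keep the term.
$safe = inspect(render_safe($query));
if ($safe['script_elements'] !== 0 || $safe['input_value'] !== $query) {
    throw new RuntimeException('search term is not encoded on output');
}
```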