Disclosure: https://mahara.org/interaction/forum/topic.php?id=5076
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. https://bugs.launchpad.net/bugs/1079498 Title: group member search not sanitised Status in Mahara ePortfolio: Confirmed Bug description: Original report: "if logged in and go to link http://<wwwroot>/group/members.php?id=2&query=123'%22%3E%3Cscript%3Ealert(1)%3C/script%3Exss then xss" To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1079498/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp