** Changed in: mahara/1.5 Status: In Progress => Fix Released -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. https://bugs.launchpad.net/bugs/1063480
Title: Reflected XSS in user/group bulk CSV upload Status in Mahara ePortfolio: In Progress Status in Mahara 1.4 series: Fix Released Status in Mahara 1.5 series: Fix Released Bug description: Affects the bulk user upload, as well as the group and group member CSV uploads. If the CSV header has unknown fields, these are displayed as an error with no sanatization. This is done through pieforms error displaying. This means it may affect other areas where pieform errors are returned based on user data. It affects versions atleast back to 1.2 with the bulk user upload. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1063480/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp