SA-CONTRIB-2012-119 - Excluded Users - Cross Site Scripting (XSS)

Excluded Users is a helper module which allows administrators to select users to not appear in user listings. The module displays a list of user names and email addresses without sanitizing them. In the event that someone manages to insert malicious code into a user name or email address, this...