Input from ajax form is not validated and there is no check whether input actually comes from ajax form. This is a potential security hazard.

Comments

alex_b

I don't know to what extent the menu system filters input - I guess there is some level of protection:

I just tried to inject javascript and php code with the ajax form, it doesn't get interpreted.

pomliane

Status: Active » Closed (won't fix)

This version of Taxonomy User is not supported anymore. The issue is closed for this reason.
Please upgrade to a supported version and feel free to reopen the issue on the new version if applicable.

This issue has been automagically closed by a script.