The language selection isn't standard. They won't have any parameter cleaning for the language I would imagine. So, the language drop down can be replaced by the iframe.
A valuable lesson :D
Re: BP Uses Moodle and (unfortunately) expose themselves to an "XSS based iFrame injection"...
by Howard Miller -
Number of replies: 0