Use the following markup:
{userlister:groups=<script>alert('Vulerable')</script>}
Whenever the page is viewed, the script will be executed.
Use the following markup:
{userlister:groups=<script>alert('Vulerable')</script>}
Whenever the page is viewed, the script will be executed.
I have tested version 2.4.3 on 2.10.3 and 3.0.1 and it works correctly. Anyone on 2.10.x or 3.0.x should be able to upgrade the plugin to fix this issue.