XSS bug on ViewProfile page

XMLWordPrintable

      The ViewProfile page contains an XSS bug. I believe this has to do with the new profile code not HTML escaping its output.

      Set the username: Thomas <script>alert(1)</script>

      -->output:

      <td bgcolor="#f0f0f0" colspan="2">
      <h3 class="formtitle">
      User Profile : Thomas"<script>alert(1)</script>
      </h3>
      </td>

            Assignee:
            Andreas Knecht (Inactive)
            Reporter:
            AntonA
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved:

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 2h
                2h