A user's full name is an XSS vector when viewing the "Status Updates" tab of the user profile.
1) Set a user's Full Name as "<script>alert(document.cookie)</script>".
2) Log out.
3) If anonymous access is disabled, log in as a different user, otherwise, continue as Anonymous.
4) Go to the profile page for the user modified in step 1.
5) Click the "Status Updates" tab.
The script will execute twice:
This does not reproduce when a user views his/her own profile page, as the user's full name is replaced by the word "Your".