To reproduce this issue:

• create a user with username "><<script>alert('hahahaha')</script>
• create a personal space for this user
• create a page in the personal space with pagetree and/or pagetreesearch macro

Note that confluence does not work very well with such usernames so you would need to use actions directly when creating/viewing pages in the user space.