SECURITY escape user properties in user manager #1081

The user properties (login, real name, etc) where not properly escaped
in the user manager's edit form. This allowed a XSS attack on the
superuser by registered users.

Thanks to Filippo Cavallarin from www.segment.technology for discovering
this bug.

0 files changed, 0 insertions, 0 deletions