- **private**: Yes --> No
--- ** [tickets:#8315] XSS when adding another user to a project** **Status:** closed **Milestone:** v1.11.1 **Created:** Wed Jul 10, 2019 03:55 PM UTC by Dave Brondsema **Last Updated:** Mon Jul 15, 2019 03:27 PM UTC **Owner:** nobody When adding a user to a project, the user's display name is not escaped. --- Sent from forge-allura.apache.org because dev@allura.apache.org is subscribed to https://forge-allura.apache.org/p/allura/tickets/ To unsubscribe from further messages, a project admin can change settings at https://forge-allura.apache.org/p/allura/admin/tickets/options. Or, if this is a mailing list, you can unsubscribe from the mailing list.
