WordPress Buddypress 1.9.1 Cross Site Scripting

`# Vulnerability: Wordpress plugin Buddypress <= 1.9.1 stored xss  
# Date: 13/02/2014  
# Author: Pietro Oliva  
# Vendor Homepage: http://buddypress.org  
# Software Link: http://downloads.wordpress.org/plugin/buddypress.1.9.1.zip  
# Version: 1.9.1  
# CVE : [CVE-2014-1888]  
# Responsibly disclosed and patched in version 1.9.2  
  
During the group creation process in Buddypress it's possible to  
inject javascript code into the name field in the form at  
http://example.com/groups/create/step/group-details/ as for instance:  
name" onmouseover="alert('xss').  
  
To test this vulnerability you have reproduce the following steps:  
  
1) create a group named as follows: name" onmouseover="alert('xss')  
2) visiting this  
url:http://example.com/groups/create/step/group-details/ causes the  
alert to show on mouse over the group name field  
  
  
-Pietro Oliva-  
`