Password Policy - Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-090
The Password Policy module allows enforcing restrictions on user passwords by defining password policies. The module doesn't sufficiently sanitize usernames in some administration pages, thereby exposing a Cross Site Scripting vulnerability. This vulnerability is mitigated by the fact that only...