SA-CONTRIB-2010-051 - Heartbeat - Cross Site Scripting

The Heartbeat project contains a suite of modules to display user activity on a website. These modules do not properly sanitize some of their output, allowing certain users the ability to insert arbitrary HTML and script code. Such a cross site scripting XSS attack may lead to a malicious user...