SA-CONTRIB-2009-072 - RealName - Cross Site Scripting

The RealName module allows the administrator to choose fields from the user profile that will be used to add a "real name" element method to a user object. In some specific cases, the module does not sanitize before outputting the realname, resulting in a cross-site scripting XSS vulnerability...