starcitizentools/citizen-skin vulnerable to stored, self-XSS in the "real name" field
Summary A user with the editmyprivateinfo right or who can otherwise change their name can XSS themselves by setting their "real name" to an XSS payload. Details Here's the offending line:...