Email address is not validated when updating user profile

On the view profile page /secure/ViewProfile.jspa it's possible to update your user profile /secure/EditProfile!default.jspa?username=admin to an invalid email address. See attached screenshots. !Screen Shot 2017-09-28 at 2.49.48 PM.png|thumbnail! !Screen Shot 2017-09-28 at 2.49.58...

Unfixed XSS vulnerability at www.earningswhispers.com

Security researcher Xylitol, has submitted on 10/01/2009 a cross-site-scripting XSS vulnerability affecting www.earningswhispers.com, which at the time of submission ranked 208860 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 01/07/2009. It i...