viewuser.action has an XSS problem around username

Steps to reproduce: create a user with username: foo"alert'hello';span class="ff you should get an alert when you are redirected to viewuser.action to view the user you just created...

viewuser.action has an XSS problem around username

Steps to reproduce: create a user with username: foo"alert'hello';span class="ff you should get an alert when you are redirected to viewuser.action to view the user you just created...

viewuser.action has an XSS problem around username

Steps to reproduce: create a user with username: foo"alert'hello';span class="ff you should get an alert when you are redirected to viewuser.action to view the user you just created...