This behaviour refers to version 1.0.3 It was changed and fixed two months ago. Is there still known potential XSS issue in the current version 1.0.6.? WoltLab offers different ways to contact with relation to a security vulnerability: Mail to woltlab (at) woltlab de. WoltLab Community Forum: http://community.woltlab.com/ Woltlab Burning Board Forum: http://www.woltlab.de/forum/ Contact form at www.woltlab.de: http://www.woltlab.de/contact/mailer.php These contacts are public and well known by WCF users.
