Re: Phorum HTML Injection Vulnerability

[brian () phorum org]

I have emailed this reporter about this already.  Other than allowing characters such as " and >< in a user name, there 
is nothing vulnerable about this page.  The characters are escaped properly on this page when there is an error.  I 
have asked for more information about this issue both via email and on our own bug tracking system.  I have received no 
reply so far.

Phorum 5.1.18 did include a FIX for an XSS issue.  But, it does not appear that this reporter is referring to that.