The XSS within user.php is reproducible if the default pnAntiCracker is manually disabled in Administration-Settings. This issue is considered 'less critical' but a fix is already available in the public CVS. Please keep in mind that .76x is currently a 'Release Candidate' and not intended for use on production sites.
If any customers experience a problem and believe it to be related to this issue, they should open a bugtracker entry, including environment information for debugging.
Please also note our security contact form.
larsneo
PostNuke Development