xRM-Portals-Community-Edition

Cross-Site Scripting (XSS) on OOB Registration Page

Open mbtomlin opened this issue 5 years ago • 1 comments

I've been made aware of a Cross-Site Scripting (XSS) vulnerability on the OOB registration button. The partial URL is Account/Login/Register?returnUrl=%2F

Has anyone else experienced this? If so, is it hard to fix or should I just roll my own registration page? Thanks.

mbtomlin, Jan 31 '20 21:01

A fix contributed to this project would be ideal. If you'd like to discuss the specifics of the issue before making changes, please write to me via the LinkedIn profile I have listed in my GitHub profile. This will help to avoid publicly disclosing anything potentially sensitive prior to a fix being available.

amervitz, Jan 31 '20 23:01