- Jul 6, 2004
- 4,860
- 1
- 81
There is no form validation in the profile page, allowing for execution of arbitrary JS (think redirects, cookies, etc.). PM me for full details, but I assume anyone who's part of the avatar modifying spree on OT will know what it is.
