WebAPP prior to 0.9.9.5 allows remote authenticated users to spoof another user's Real Name via whitespace, which has unknown impact and attack vectors.
web-app.org webapp