An issue exists in Bilboplanet 2.0. Stored XSS exists in the fullname parameter to signup.php.
bilboplanet bilboplanet 2.0