An issue exists in ProjectSend before r1053. XSS exists in the "Name" field on the My Account page.
projectsend projectsend