Anonymous registration permits name with javascript payload

Kindly reported to Openfire Security Email List by Sven Tantau

If anonymous registration via xmpp server is enabled, an attacker can
generate one user that contains javascript payload inside the 'name'
parameter.

Once the administrator with access to the openfire webinterface looks
at the list of users, the payload would run.